I use Sidekiq on my Heroku app, and when I want to kill or retry a job, it leads to a 403 Forbidden page with this error:
WARN -- : attack prevented by Rack::Protection::HttpOrigin
My Heroku app: http://myapp.herokuapp.com
My domain name, where it does not work: https://www.myapp.my
In the Sidekiq documentation I found this fix for the error, to be added to routes.rb, but it does not help: Sidekiq::Web.set :session_secret, Rails.application.secrets[:secret_key_base]
My session_store.rb file:
Rails.application.config.session_store :cookie_store, key: '_myapp_session'
I guess there is an issue with the SSL. I found this solution for nginx.conf, but how do I set it up on Heroku to test whether it helps?
proxy_set_header X-Forwarded-Host 'my-host.com';
proxy_set_header X-Forwarded-Proto $scheme;
Or is there any other solution for the 403 Forbidden?
Edit: My routes
require 'sidekiq/web'
authenticate :admin do
mount Sidekiq::Web => '/sidekiq'
end
It does work on localhost but not in production.
Edit #2: If I switch off https and let my app run on http, it does work, so how do I tell my app/Sidekiq to use https?
proxy_set_header X-Forwarded-Proto $scheme;
This will tell your application that the original request came in using https even though the request from nginx to unicorn is http.
But how do I do it on Heroku?
I've faced the same problem on Heroku.
Solution for custom domains:
You need to force SSL in your Rails app's config file, because the Heroku app uses the default https scheme for the app URL. If you do not force it, it will use different schemes when forwarding requests.
config/environments/production.rb
https://your-app.herokuapp.com/sidekiq
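To make the cause of the 403 concrete, here is an added example (not code from the question, the answer, Sidekiq or the rack-protection gem). It is a simplified reconstruction of the Origin check that Rack::Protection::HttpOrigin performs on non-safe requests, rewritten against a plain Rack env hash so it runs without any gems. The env hashes are constructed for illustration: the browser sends Origin https://www.myapp.my, the TLS-terminating proxy forwards the request to the app over plain http and records the original scheme in X-Forwarded-Proto. The block shows that an app which ignores that header rebuilds its base URL as http://… and rejects the POST, that honouring X-Forwarded-Proto (as the nginx snippet in the question does) makes the same request pass, and that a genuinely cross-site POST is still blocked.

```ruby
# Added example: simplified model of the Rack::Protection::HttpOrigin check.
# Not the gem's code; the rebuilt base URL omits the port handling the real
# middleware has, which is irrelevant to the scheme mismatch shown here.

# Requests with these methods are never checked (they carry no state change).
SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# Scheme the application believes the request used.
# With trust_proxy: true, the X-Forwarded-Proto header set by the reverse
# proxy (what Rack::Request does by default) is honoured; otherwise only the
# raw socket scheme counts, which behind a TLS-terminating proxy is always http.
def request_scheme(env, trust_proxy:)
  forwarded = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip
  return forwarded if trust_proxy && !forwarded.empty?
  env['rack.url_scheme']
end

# "scheme://host" as the app sees it; compared byte-for-byte with Origin.
def base_url(env, trust_proxy:)
  "#{request_scheme(env, trust_proxy: trust_proxy)}://#{env['HTTP_HOST']}"
end

# true  => request passes the Origin check
# false => the middleware would answer 403 and log
#          "attack prevented by Rack::Protection::HttpOrigin"
def origin_accepted?(env, trust_proxy: false)
  return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
  origin = env['HTTP_ORIGIN'].to_s
  return true if origin.empty?            # no Origin header: nothing to compare
  base_url(env, trust_proxy: trust_proxy) == origin
end

# Constructed Rack env for a Sidekiq::Web "Retry" form POST as the Rails app
# receives it behind a proxy that terminated TLS and forwarded over http.
SAMPLE_ENV = {
  'REQUEST_METHOD'         => 'POST',
  'PATH_INFO'              => '/sidekiq/retries',
  'rack.url_scheme'        => 'http',
  'HTTP_HOST'              => 'www.myapp.my',
  'HTTP_ORIGIN'            => 'https://www.myapp.my',
  'HTTP_X_FORWARDED_PROTO' => 'https',
}.freeze

# Constructed cross-site POST: same app, but the Origin is another site.
CROSS_ORIGIN_ENV = SAMPLE_ENV.merge('HTTP_ORIGIN' => 'https://other-site.example').freeze

# Runs the four scenarios and returns their outcomes in one hash.
def check_all
  {
    app_ignores_forwarded_proto: origin_accepted?(SAMPLE_ENV, trust_proxy: false),
    app_honours_forwarded_proto: origin_accepted?(SAMPLE_ENV, trust_proxy: true),
    cross_site_post:             origin_accepted?(CROSS_ORIGIN_ENV, trust_proxy: true),
    plain_get:                   origin_accepted?(SAMPLE_ENV.merge('REQUEST_METHOD' => 'GET')),
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "base URL, X-Forwarded-Proto ignored : #{base_url(SAMPLE_ENV, trust_proxy: false)}"
  puts "base URL, X-Forwarded-Proto honoured: #{base_url(SAMPLE_ENV, trust_proxy: true)}"
  check_all.each { |scenario, accepted| puts "#{scenario}: #{accepted ? 'accepted' : '403'}" }
end
```

The first scenario is the situation in the question: the Origin is https but the app rebuilds an http base URL, so the two never match and every Sidekiq POST is refused. Forcing SSL, as the answer suggests (Rails' `config.force_ssl = true` in config/environments/production.rb), redirects any plain-http request to https so the scheme the app sees matches the browser's Origin; the same effect follows from the app trusting the proxy's X-Forwarded-Proto header. Either way the cross-site case stays blocked, which is the protection working as intended rather than something to disable.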