minad / olelo

Wiki with git backend
MIT License

Rack::Protection::HttpOrigin blocking POST through Nginx proxy #98

Open samba opened 10 years ago

samba commented 10 years ago

This may be a matter of configuration, but I'm not a Ruby developer (yet), so I'm not sure where to look for either diagnosing or fixing it properly.

I've got an Nginx installation proxying requests to Olelo. It seems GET requests work fine.

POST requests get a 403 Forbidden response, and in my console I see a log from Olelo: WARN -- : attack prevented by Rack::Protection::HttpOrigin

Nginx is responding to hostname a.b.c (example), and Olelo is using Thin, currently, to listen on 0.0.0.0:3535.

What requirements does this Protection module enforce? Are there specific HTTP headers I need to pass through? (I'm already trying with Origin and Cookie headers, but no luck.)

Is this a matter of configuring Olelo differently?

Thanks!

minad commented 10 years ago

I will take a look before the next release. You have to change the config.ru file.

samba commented 10 years ago

Thanks @minad; please let me know if you have a sense of time-frame for that.

My current Nginx configuration, in this regard, looks like so: http://paste.debian.net/hidden/088dad59/
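
A simplified model of the comparison behind the HttpOrigin warning, added here as an example and not taken from rack-protection, Olelo or either commenter: a non-safe request that carries an Origin header is rejected unless that Origin equals the scheme, host and port the app reconstructs for itself. The forwarded-header handling, the `permitted_origins` allow-list and the sample requests (constructed from the a.b.c and 3535 values in the thread) are assumptions.

```ruby
# Simplified model of the Origin check (assumption: not rack-protection's own code).
DEFAULT_PORTS = { 'http' => 80, 'https' => 443 }.freeze
SAFE_METHODS  = %w[GET HEAD OPTIONS TRACE].freeze

# URL the app believes it is served from, rebuilt from what the proxy passed on.
# Forwarded-header handling is reduced to two headers for this sketch.
def base_url(env)
  scheme    = env['HTTP_X_FORWARDED_PROTO'] || env['rack.url_scheme'] || 'http'
  authority = env['HTTP_X_FORWARDED_HOST'] || env['HTTP_HOST']
  host, port = authority.split(':', 2)
  port = (port || DEFAULT_PORTS[scheme]).to_i
  port == DEFAULT_PORTS[scheme] ? "#{scheme}://#{host}" : "#{scheme}://#{host}:#{port}"
end

# Returns [accepted, reason]; permitted_origins is a hypothetical allow-list.
def origin_check(env, permitted_origins: [])
  return [true, 'safe method'] if SAFE_METHODS.include?(env['REQUEST_METHOD'])
  origin = env['HTTP_ORIGIN']
  return [true, 'no Origin header'] if origin.nil?
  return [true, 'Origin equals base URL'] if origin == base_url(env)
  return [true, 'Origin on allow-list'] if permitted_origins.include?(origin)
  [false, "Origin #{origin} != base URL #{base_url(env)}"]
end

# Constructed requests as the app behind the proxy would see them.
def post(headers)
  { 'REQUEST_METHOD' => 'POST', 'rack.url_scheme' => 'http',
    'HTTP_ORIGIN' => 'http://a.b.c' }.merge(headers)
end

SAMPLES = {
  'GET, upstream Host'          => post('HTTP_HOST' => '127.0.0.1:3535').merge('REQUEST_METHOD' => 'GET'),
  'POST, upstream Host'         => post('HTTP_HOST' => '127.0.0.1:3535'),
  'POST, public Host'           => post('HTTP_HOST' => 'a.b.c'),
  'POST, TLS at proxy only'     => post('HTTP_HOST' => 'a.b.c', 'HTTP_ORIGIN' => 'https://a.b.c'),
  'POST, TLS + forwarded proto' => post('HTTP_HOST' => 'a.b.c', 'HTTP_ORIGIN' => 'https://a.b.c',
                                        'HTTP_X_FORWARDED_PROTO' => 'https')
}.freeze

SAMPLES.each do |label, env|
  accepted, reason = origin_check(env)
  puts format('%-28s %-4s %s', label, accepted ? 'pass' : '403', reason)
end
```

In this model the GET row passes whatever Host the proxy sends, which is consistent with the thread's observation that only POST requests are refused.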