From 50740f253ec78edfd39fe1ffa11efc20feafa60b Mon Sep 17 00:00:00 2001
From: Mike Perham <mperham@gmail.com>
Date: Sun, 21 Feb 2021 11:59:01 -0800
Subject: [PATCH] Restore class-level middleware APIs for backwards compat,
 fixes #4821

---
 Changes.md         |  4 ++--
 lib/sidekiq/web.rb | 21 +++++++++++----------
 test/test_web.rb   |  4 ++--
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/Changes.md b/Changes.md
index 99d8d5a7..470a9535 100644
--- a/Changes.md
+++ b/Changes.md
@@ -5,6 +5,7 @@
 HEAD
 ---------
 
+- Add process/thread stats to Busy page [#4806]
 - Refactor Web UI session usage. [#4804]
   Numerous people have hit "Forbidden" errors and struggled with Sidekiq's
   Web UI session requirement. If you have code in your initializer for
@@ -29,9 +30,8 @@ If this is a bare Rack app, use a session middleware before Sidekiq::Web:
   use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
   run Sidekiq::Web
 ```
-- Add process/thread count summary to Busy page [#4806]
 
-  6.1.3
+6.1.3
 ---------
 
 - Warn if Redis is configured to evict data under memory pressure [#4752]
diff --git a/lib/sidekiq/web.rb b/lib/sidekiq/web.rb
index fff3fa8e..d5bea721 100644
--- a/lib/sidekiq/web.rb
+++ b/lib/sidekiq/web.rb
@@ -63,6 +63,14 @@ module Sidekiq
         opts.each { |key| set(key, false) }
       end
 
+      def middlewares
+        @middlewares ||= []
+      end
+
+      def use(*args, &block)
+        middlewares << [args, block]
+      end
+
       def set(attribute, value)
         send(:"#{attribute}=", value)
       end
@@ -89,7 +97,7 @@ module Sidekiq
     end
 
     def middlewares
-      @middlewares ||= []
+      @middlewares ||= self.class.middlewares
     end
 
     def use(*args, &block)
@@ -129,18 +137,11 @@ module Sidekiq
       extension.registered(WebApplication)
     end
 
-    def default_middlewares
-      @default ||= [
-        [[Sidekiq::Web::CsrfProtection]],
-        [[Rack::ContentLength]]
-      ]
-    end
-
     private
 
     def build
       klass = self.class
-      m = middlewares + default_middlewares
+      m = middlewares
 
       ::Rack::Builder.new do
         %w[stylesheets javascripts images].each do |asset_dir|
@@ -150,7 +151,7 @@ module Sidekiq
         end
 
         m.each { |middleware, block| use(*middleware, &block) }
-
+        use Sidekiq::Web::CsrfProtection unless $TESTING
         run WebApplication.new(klass)
       end
     end
diff --git a/test/test_web.rb b/test/test_web.rb
index 69f7c58a..dbd1883c 100644
--- a/test/test_web.rb
+++ b/test/test_web.rb
@@ -18,7 +18,7 @@ describe Sidekiq::Web do
 
   before do
     Sidekiq.redis {|c| c.flushdb }
-    app.default_middlewares.clear
+    app.middlewares.clear
   end
 
   class WebWorker
@@ -767,7 +767,7 @@ describe Sidekiq::Web do
       app
     end
 
-    it 'requires basic authentication' do
+    it 'requires uses session options' do
       get '/'
 
       session_options = last_request.env['rack.session'].options