I created a new Rails 5 application with rails new appname --api which seems great! I want to use it as a backend to a frontend with React and in time a Chrome App. For now I want to create an API.
I used the following gems
And I followed the directions on their Github and here to do the setup: http://www.developingandrails.com/2015/02/api-authentication-with-devisetokenauth.html
And now when I run the app I get:
Started GET "/" for 14.144.15.10 at 2016-07-17 17:21:46 +0000
ActiveRecord::SchemaMigration Load (0.1ms) SELECT "schema_migrations".* FROM "schema_migrations"
OmniAuth::NoSessionError (You must provide a session to use OmniAuth.):
I've looked for answers on Github and StackOverflow but no one seems to have the solution.
The only thing that seems to "fix" the problem is adding this:
# config/application.rb
config.middleware.use Rack::Session::Cookie
But this "solution" gives me this error in the console:
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Please help! Thanks.
Not totally sure, but something that worked for me in a project is:
#config/application.rb
config.middleware.insert_after(ActiveRecord::QueryCache, ActionDispatch::Cookies)
config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore)