session middleware and 1.2.8

[nathany]

RuntimeError at /delayed_job/overview
you need to set up a session middleware *before* Rack::Protection::AuthenticityToken

I'm not sure how.

We're setting up DJ in our config.ru as per the readme:

if Rails.env.production? || Rails.env.staging?
  DelayedJobWeb.use Rack::Auth::Basic do |username, password|
    username == ENV["DJWEB_USERNAME"] && password == ENV["DJWEB_PASSWORD"]
  end
end

run Rack::URLMap.new \
  "/" => Octopus::Application,
  "/delayed_job" => DelayedJobWeb

And currently using activerecord-session_store configured in a session_store.rb initializer:

Rails.application.config.session_store :active_record_store

[plindelauf]

+1. I'm having the exact same problem.

[andyatkinson]

This seems related to a recent change from @toolmantim. Tim- in the set options in the sinatra app is the order causing this issue? It looks like you have declared sessions before authenticity token but maybe you could double check?

[toolmantim]

If you're using it alongside Rails, but not from within the Rails router (like the above code), try adding the following to your config.ru:

DelayedJobWeb.enable :sessions

[plindelauf]

Yep. That does the trick for me. Thanks, @toolmantim

[jontyD]

Fixed it for me too, thanks for the advice.

[nathany]

Thanks @toolmantim.

[jontyD]

@toolmantim however, I ran into further difficulties when I found I couldn't do update or delete anything because I got the forbidden page - no csrf token?

I rolled our app back to 1.2.0 for the moment and that is still working great.

[nathany]

@jontyD See #68 and #59 for that. Still having the csrf issue here too.

Perhaps DelayedJobWeb.enable :sessions should be added to the README? Otherwise it sounds like this issue can be closed.