Devise hijacking a 401 response

2019-07-15 11:12发布

问题:

I'm trying to create an API and for one of my actions I'm restricting it to just admins. To do this, I'm using a before_filter that goes like this:

def authorize_admin!
  if !@current_user.admin?
    error = { :error => "You must be an admin to do that." }
    render params[:format].to_sym => error, :status => 401
  end
end

The problem is that when we send back a 401 response, the error is transformed into:

"{\"error\":\"You need to sign in or sign up before continuing.\"}"

This is the response that Devise sends back for when you send a 401 response.

Is there a way that I can turn off this functionality?

回答1:

What is the Devise version? This wiki page suggests that it should work on 1.2.

https://github.com/plataformatec/devise/wiki/How-To:-Provide-a-custom-failure-response-with-Warden



回答2:

I think that this page from the Devise wiki can help you. How To Use HTTP Authentication in Devise