设计劫持401回应 [英] Devise hijacking a 401 response

问题描述

我正在尝试创建一个API，对于我的一个动作，我把它限制在只是管理员。为此，我使用一个 before_filter ，如下所示：

I'm trying to create an API and for one of my actions I'm restricting it to just admins. To do this, I'm using a before_filter that goes like this:

def authorize_admin!
  if !@current_user.admin?
    error = { :error => "You must be an admin to do that." }
    render params[:format].to_sym => error, :status => 401
  end
end

问题是当我们发回401回复，错误转换为：

The problem is that when we send back a 401 response, the error is transformed into:

"{\"error\":\"You need to sign in or sign up before continuing.\"}"

这是Devise发回的响应你发送401回复。

This is the response that Devise sends back for when you send a 401 response.

有没有办法可以关闭这个功能？

Is there a way that I can turn off this functionality?

推荐答案

什么是Devise版本？这个wiki页面表明它应该在1.2上工作。

What is the Devise version? This wiki page suggests that it should work on 1.2.

https://github.com/plataformatec/devise/wiki/How-To:-Provide-a-custom-failure-response-with -Warden

这篇关于设计劫持401回应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！