设计劫持401回应 [英] Devise hijacking a 401 response
本文介绍了设计劫持401回应的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试创建一个API,对于我的一个动作,我把它限制在只是管理员。为此,我使用一个 before_filter
,如下所示:
I'm trying to create an API and for one of my actions I'm restricting it to just admins. To do this, I'm using a before_filter
that goes like this:
def authorize_admin!
if !@current_user.admin?
error = { :error => "You must be an admin to do that." }
render params[:format].to_sym => error, :status => 401
end
end
问题是当我们发回401回复,错误转换为:
The problem is that when we send back a 401 response, the error is transformed into:
"{\"error\":\"You need to sign in or sign up before continuing.\"}"
这是Devise发回的响应你发送401回复。
This is the response that Devise sends back for when you send a 401 response.
有没有办法可以关闭这个功能?
Is there a way that I can turn off this functionality?
推荐答案
什么是Devise版本?这个wiki页面表明它应该在1.2上工作。
What is the Devise version? This wiki page suggests that it should work on 1.2.
https://github.com/plataformatec/devise/wiki/How-To:-Provide-a-custom-failure-response-with -Warden
这篇关于设计劫持401回应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文