Make Devise respond to XHR authentication requests properly

commit 389bfc5311cca95f4fb26aadb99e46678c98e870 1 parent 9bec053
@benlangfeld authored
Showing with 33 additions and 1 deletion.
  1. +33 −1 Server/config/initializers/devise.rb
34 Server/config/initializers/devise.rb
@@ -21,6 +21,8 @@
# The realm used in Http Basic Authentication
# config.http_authentication_realm = "Application"
+ config.http_authenticatable_on_xhr = false
+
# ==> Configuration for :database_authenticatable
# Invoke `rake secret` and use the printed value to setup a pepper to generate
# the encrypted password. By default no pepper is used.
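Review bot: `config.http_authenticatable_on_xhr = false` is the only setting in this part of the file added without an explanatory comment, and its effect is not obvious from the name alone. Add a short comment above it stating that XHR authentication failures are no longer answered with HTTP authentication and are handled by the custom failure app configured at the end of this file, so a later reader does not flip it back without seeing the dependency.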
@@ -113,4 +115,34 @@
# end
# manager.default_strategies(:scope => :user).unshift :twitter_oauth
# end
-end
+ config.warden do |manager|
+ manager.failure_app = CustomFailure
+ end
+ end
+
+ class CustomFailure < Devise::FailureApp
+ def respond
+ if http_auth?
+ http_auth
+ elsif request.xhr?
+ http_auth
+ self.status = 403
+ elsif warden_options[:recall]
+ recall
+ else
+ redirect
+ end
+ end
+
+ def http_auth?
+ if request.xhr?
+ Devise.http_authenticatable_on_xhr
+ else
+ !Devise.navigational_formats.include?(request.format.to_sym)
+ end
+ end
+
+ def http_auth_header?
+ Devise.mappings[scope].to.http_authenticatable && !request.xhr?
+ end
+ end
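Review bot: In `respond`, the `elsif request.xhr?` branch calls `http_auth` and then overwrites the result with `self.status = 403`, so an unauthenticated XHR receives the status a client would normally read as "authenticated but not allowed". If the aim is to keep the browser's credential prompt from appearing, `http_auth_header?` already withholds the challenge header for XHR through `!request.xhr?`; consider leaving the status at 401 so client code can tell "sign in again" apart from "forbidden", or add a comment explaining why 403 is required here. Separately, `CustomFailure` is defined inline in the initializer below the setup block; moving it to its own file and covering the XHR path with a test (this commit touches only `devise.rb`) would make the behaviour easier to verify.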