First request for API controller returns 401, subsequent requests successful #2193

Closed
wjessop opened this Issue Dec 30, 2012 · 4 comments

Projects

None yet

5 participants

@wjessop

I've got an app that I make API requests to using token_authenticatable. After I start up the server the first request I make to the server returns a 401 status, even with the right auth details. Subsequent requests work fine.

I've put together a really basic demo app (data included) that shows the problem. Request examples using curl in the README.md file.

https://github.com/wjessop/devisedemo

@latortuga

I tried out your demo app and it definitely exhibits the issue you state, however it isn't limited to devise requests. You can issue any request whether it succeeds or not (just visit localhost:3000/anything in your browser for example) and all follow-up requests with the auth token will succeed. I'm kind of stumped honestly. Based on that investigation, I'd wager it's something to do with the order in which things are loaded.

In fact, based on that hunch, I just tested running the app in production mode and it does not exhibit the issue.

@vipulnsward

This isn't devise specific. Its just how Basic Auth works where even with good authentication, the auth mechanism forces to send second request with credentials, with the first request ending up as 401.

Related:
http://stackoverflow.com/questions/694135/eradicating-401-unauthorised-responses-followed-by-200-ok-responses

@josevalim
Plataformatec member

Good to know! Thanks @vipulnsward !

@josevalim josevalim closed this Apr 14, 2013
@mcr

Basic Auth does not have a challenge stage, so there is no reason for this to be the case. The URL referenced is true for browsers, but not the case for curl.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment