Reputation: 33
Devise has been my go-to authentication plugin for the past few Rails 3 projects I've worked on. In the current project, I'm using a vanilla install of Devise with a user model using the default configuration modules.
Whenever I click a link that does an ajax post to a controller that uses Devise's:
before_filter :authenticate_user!
it prompts me for basic authentication. I've never seen this happen before, and I was wondering if anyone has an idea as to what might be causing it.
Upvotes: 3
Views: 932
Reputation: 6049
http://jasoncodes.com/posts/rails-csrf-vulnerability
The above link mentions that Rails requires an auth token "with each non-GET Ajax request" to Devise (because of the protection from forgery stuff).
The article mentions how to do it, too, but I'm still figuring that part out.
If you DON'T do that, then Rails seems to require you to log in a second time (usually only once).
Upvotes: 1
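What the answer above describes, sending the token with each non-GET Ajax request, as an added example that is not from the post or the linked article. It assumes the layout calls Rails' `csrf_meta_tags` helper; `csrfHeaders` and `fakeDocument` are hypothetical names, and the token and origin are constructed sample values.

```javascript
// Added example. Assumption: the layout calls Rails' csrf_meta_tags helper,
// which renders <meta name="csrf-token" content="..."> in the page head.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Read the per-session token Rails put in the page; null when the tag is absent.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// Relative URLs resolve against the page, so they count as same-origin.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Headers to attach to an Ajax request (hypothetical helper name).
function csrfHeaders(method, url, doc, pageOrigin) {
  const headers = { "X-Requested-With": "XMLHttpRequest" };
  if (SAFE_METHODS.has(method.toUpperCase())) return headers; // no token needed
  if (!isSameOrigin(url, pageOrigin)) return headers; // never send the token to another origin
  const token = readCsrfToken(doc);
  if (!token) {
    throw new Error("csrf-token meta tag not found; add csrf_meta_tags to the layout");
  }
  headers["X-CSRF-Token"] = token;
  return headers;
}

// Constructed stand-in for `document` so the example runs outside a browser.
function fakeDocument(token) {
  return {
    querySelector: (sel) =>
      sel === 'meta[name="csrf-token"]' && token !== null
        ? { getAttribute: () => token }
        : null,
  };
}

// Constructed sample values.
const sampleDoc = fakeDocument("constructed-token-123");
const sampleOrigin = "https://app.example.test";
console.log(csrfHeaders("POST", "/items/1/vote", sampleDoc, sampleOrigin));
console.log(csrfHeaders("GET", "/items", sampleDoc, sampleOrigin));
```

In a browser, pass the real `document` and `location.origin` and hand the returned object to the request as its headers.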
Reputation: 40277
AJAX is going to be (usually) a content_type of javascript or json.
In cases like this, Devise is not going to redirect you to the login page, it will issue a 401 response code (login required). Your browser gets the 401 and gives you the chance to log in with HTTP authentication.
You will probably want to check on your view if the user is logged in before sending the ajax information to the protected endpoint.
Upvotes: 3