All threads / How do I switch off Devise authorization for API requests?
Ask A Question

Notifications

You’re not receiving notifications from this thread.

How do I switch off Devise authorization for API requests?

William Jones asked in Javascript

I have 2 URL's to access the same Rails application. One URL is internal to our network and does not require authentication. The other is accessible outside our network and does require authentication. I put the following code in the app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
before_action :authenticate_user!, if: :outside_the_network_is_true?

private

def outside_the_network_is_true?
logger.info 'request.original_url[7..9] = ' + request.original_url[7..9]
outside_the_network = false
if request.original_url[7..9] == 'ops'
outside_the_network = true
end
outside_the_network
end

end

This forces the user to sign in when using the external URL but allows them access without signing in when using the internal URL. This all works as expected. However I have some JavaScript that periodically requests data from the API in the same application. If the request comes from the external URL page everything is fine, but if it comes from the internal URL page I get a 401 unauthorized error. I am assuming that Devise is doing something to check if the request is coming from a signed in user and rejecting it because the user is not signed in. But I could be wrong. How should I get around this?
Any help would be much appreciated.

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 66,029+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

    © 2022 GoRails, LLC. All rights reserved.