Ask A Question


You’re not receiving notifications from this thread.

How do I switch off Devise authorization for API requests?

William Jones asked in Javascript

I have 2 URL's to access the same Rails application. One URL is internal to our network and does not require authentication. The other is accessible outside our network and does require authentication. I put the following code in the app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
before_action :authenticate_user!, if: :outside_the_network_is_true?


def outside_the_network_is_true? 'request.original_url[7..9] = ' + request.original_url[7..9]
outside_the_network = false
if request.original_url[7..9] == 'ops'
outside_the_network = true


This forces the user to sign in when using the external URL but allows them access without signing in when using the internal URL. This all works as expected. However I have some JavaScript that periodically requests data from the API in the same application. If the request comes from the external URL page everything is fine, but if it comes from the internal URL page I get a 401 unauthorized error. I am assuming that Devise is doing something to check if the request is coming from a signed in user and rejecting it because the user is not signed in. But I could be wrong. How should I get around this?
Any help would be much appreciated.

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 82,969+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.