Dont redirect to authorization url if accept type is application/json. #128
Assignees
Labels
enhancement
New feature or request
Comments
|
And as well if header x-requested-with is set to XMLHttpRequest |
dniel
added a commit
that referenced
this issue
Sep 25, 2019
If one of them is set then just show 403 forbidden instead of redirect to auth0 for login.
dniel
added a commit
that referenced
this issue
Sep 25, 2019
This was referenced Jan 24, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To stop redirecting to the login page of Auth0 when rest ajax clients does requests, check if the accept type of the request is application/json and just deny access instead of redirecting to html-page.
A ajax javascript client will not manage to do anything useful with the login page of Auth0.
Its better just to stop accepting and wait for better times.
Some helpful libraries also set x-requested-with to XMLHttpRequest to indicate that its a ajax call from a library.
The text was updated successfully, but these errors were encountered: