Home/ Questions/Q 3497526
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T12:22:52+00:00

I am overriding Devise’s failure response so that I can set a 401 status

  • 0

I am overriding Devise’s failure response so that I can set a 401 status code. However, when the user fails to sign in, they are redirected to a page with a “you are being redirected” link. If I remove this :status => 401 from the redirect it works fine. 

class CustomFailure < Devise::FailureApp
    def redirect_url
      new_user_session_url(:subdomain => 'secure')
    end

    def respond
        if http_auth?
           http_auth
        else
           store_location!
           flash[:alert] = i18n_message unless flash[:notice]
           redirect_to redirect_url, :status => 401
        end
    end
end

edit

Alternatively I would like to display the flash message and remain on the same page but adding this line of code: 

render :text => "unauthorized", :status => 401

causes ruby to complain: 

undefined method `render' for #<CustomFailure:0x00000103367f28>

What’s happening here?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Proper HTTP statuses for a redirection are in the 30x form (301 and 302 being the most frequently used). By default, the redirect_to helper sets a 302 status header on the HTTP response. If you override that and set that to a 401, your web browser will assume that the response is a regular web page and will render the response body –which, in a redirection, is the boilerplate text “You are being redirected”.

    • 0