2

I'm trying to add a custom header to my sessions controller:

class SessionsController < Devise::SessionsController
  after_filter :allow_origin_header

  def create
    ...
    sign_in(resource_name.to_s, resource)
    respond_with...
  end

  private

  def allow_origin_header
    ...
      response.headers['some_header'] = 'some_value'
    ...
  end
end

This works correctly when user is signed in successfully. But if not, the header isn't added. I guess that it's because of "sign_in"; it interrupts execution flow and returns custom message from Devise (email or password is invalid).

Then I've created middleware that adds my header to the response, but it's not working for me either. Looks like devise goes around all middlewares.

So, how can I add custom header for devise's response?

Johnny Bones
  • 8,786
  • 7
  • 52
  • 117
yanzay
  • 151
  • 8

1 Answers1

0
class SessionsController < Devise::SessionsController
  after_filter :allow_origin_header_filter, :only => :new

  def create
    ...
    sign_in(resource_name.to_s, resource)
    respond_with
    ...
    allow_origin_header
  end

  private

  def allow_origin_header_filter
    allow_origin_header if failed_login?
  end

  def allow_origin_header
    ...
      response.headers['some_header'] = 'some_value'
    ...
  end

  def failed_login?
    (options = env["warden.options"]) && options[:action] == "unauthenticated"
  end 
end

This answer explains in more detail: Devise log after auth failure

Community
  • 1
  • 1
Thiago Silveira
  • 5,033
  • 4
  • 26
  • 29