How do I make AJAX request to actions that require authentication in Rails?

Question

I am trying to send an AJAX request to a Rails controller that uses before_filter to authenticate the user. The problem is when the request gets sent, the server asks for authentication even if the user is already logged in.

Here is my AJAX request:

$.ajax({
  type: 'DELETE',
  url: "/messages/delete_all",
  data: [1,2,4],
  success: function() {
        console.log("Your request is received.")
    }
});

When the user hits delete_all from the browser, it works, but with AJAX it doesn't. What gives?

EDIT: could it be related to the authenticity_token?

What kind of authentication do you use? Is it something like http-basic-auth? — Wukerplank, Mar 25 '11 at 07:28
Yeah, I think so. I am using Devise, but the pop up that I see is typical to http-basic-auth. — picardo, Mar 25 '11 at 07:30

score 1 · Accepted Answer · edited May 23 '17 at 11:47

1

Maybe this question will help: Using javascript with the twitter API

The solution proposed there should look something like this in your case

$.ajax({    
  type: 'DELETE',
  url: "/messages/delete_all",
  data: [1,2,4],
  beforeSend: function(xhr) {
    xhr.setRequestHeader("Authentication", "Basic  " + encodeBase64(username + ":" + password)
  },
  success: function() {
    console.log("Your request is received.")
  }
});

edited May 23 '17 at 11:47

Community

1
1

answered Mar 25 '11 at 10:54

polarblau

17,649
7
63
84

Is that secure? Also, where am I going to store and fine the username and password? The users login with facebook. – picardo Mar 25 '11 at 17:17
It's as secure as Basic Auth. Storing the password and username anywhere in plain text is a bad idea. If the user inputs the information directly it should be just fine IMO. – polarblau Mar 25 '11 at 21:28

How do I make AJAX request to actions that require authentication in Rails?

1 Answers1