Restful Authentication Bug in Internet Explorer Written February 25, 2009

There's a bug when using Restful Authentication with Internet Explorer which causes Internet Explorer to open an HTTP Authentication dialog box named "Web Password" rather than redirecting to the login page.

According to Rick Olson (as per this post), the problem is that Internet Explorer sometimes sends a blank HTTP Accept header which makes the format.any in the access_denied method in authenticated_system.rb trigger. The fix is to change format.any to format.any(:xml, :json).

So the fix is to change: 

format.any do
    request_http_basic_authentication 'Web Password'
end

to: 

format.any(:xml, :json) do
    request_http_basic_authentication 'Web Password ...
427 comments Tags: ie rails restful_authentication