0

I've been pulling my hair out trying to figure out what I've missed; I'm using the simple-auth and simple-auth-token libraries (via ember-cli 0.2.3) and can't seem to get my app to set the appropriate Athentication: HTTP header. From what I've read, the most common oversight is people not setting the crossOriginWhitelist: property on the simple-auth ENV variable. However, even with a value of ['*'], I can't seem to get Ember to send the headers with my API requests. Mind you, I'm replacing a previous hand-rolled (though, half-baked!) auth solution, so I know my API server works and will authenticate, given the right credentials.

When I run the login action everything works flawlessly. If I hit a protected Ember route after that, it works fine as well. The problem comes when Ember-data tries to hit my API (at http://localhost:3000); it gets back a 401 (since it didn't set the Authorization: header) and transitions to the index of my site.

Here's the relevant sections of code:

config/environments.js

...

ENV['simple-auth'] = {
    authenticationRoute: 'login',
    authorizer: 'simple-auth-authorizer:token',
    crossOriginWhitelist: ['*']
};
ENV['simple-auth-token'] = {
    identificationField: 'email',
    passwordField: 'password',
    tokenPropertyName: 'token',
    authorizationPrefix: 'Bearer ',
    authorizationHeaderName: 'Authorization'
};
...

routes/login.js

import Ember from 'ember';

export default Ember.Route.extend({
  actions: {
    login: function(){
      var creds = this.controller.getProperties('identification', 'password');
      this.get('session').authenticate('simple-auth-authenticator:jwt', creds)
        .then(function() {
          // +
          }, function() {
          // -
      });
    }
  }
});

routes/application.js

import Ember from 'ember';
import ApplicationRouteMixin from 'simple-auth/mixins/application-route-mixin';

export default Ember.Route.extend(ApplicationRouteMixin);

Thanks in advance.

jackweinbender
  • 413
  • 2
  • 13

1 Answers1

0

In config/environment.js, try to add:

var ENV = {
  ...
  contentSecurityPolicy: {
    'default-src': "'none'",
    'script-src': "'self'",
    'font-src': "'self'",
    'connect-src': "'self' *",
    'img-src': "'self'",
    'style-src': "'self'",
    'media-src': "'self'"
  }
  ...
};
cyberserker
  • 13
  • 5
  • No dice, sadly. Could it be that my server just isn't sending the data back in a properly formatted way? It seems to be storing it in localstorage just fine—moreover, the key is set to `token` just as one would expect. – jackweinbender Apr 30 '15 at 17:31
  • Well, for the time being, I've just referenced the value in localStorage directly in my adapter and set the headers there. – jackweinbender May 04 '15 at 03:12