The thread suggests solution: use authenticated do … blocks in routes.rb instead of before_action :authenticate_user! in controllers.
It’s probably a good idea to do this anyway to avoid divulging the existence of routes that unauthenticated users don’t need to know exist. (They will get a 404 instead of a 401.)
The thread suggests a workaround: use authenticated do … blocks in routes.rb instead of before_action :authenticate_user! in controllers.
It’s probably a good idea to do this anyway to avoid divulging the existence of routes that unauthenticated users don’t need to know exist. (They will get a 404 instead of a 401.)