API | Laravel Framework | Tutorials

David Carr

Laravel returns 302 for unauthenticated calls

I've started to secure API calls with Laravel Airlock, when calling a route that's been secured with the middleware auth:airlock unauthenticated calls we're returning a status code of 302 means the route has been found. When 401 unauthenticated should have been returned.

Turns out it was not a Laravel Airlock issue but how Laravel handles ajax calls in order for an API call to be treated as an API call it requires a header called Accept and a value of application/json. With this heading in place, 401 will be returned for unauthenticated calls.

Support my work by donating with PayPal.

Subscribe to my newsletter

Subscribe and get my books and product announcements.

© 2009 - 2020 DC Blog. All code MIT license. All rights reserved.