XMLHttpRequest and failed authorisation

Hi there

I’m writing a plugin for TeamCity that will interact with the Octopus api. In doing so, I’m having to deal with CORS (which is all sorted), but when authorisation fails, instead of returning 401 Unauthorized, it returns 303 See Other, and redirects to the /app/ url.

I can see why this would be okay from an Octopus UI point of view, but from an api consumer point of view, its not great. This is doubly an issue as the /app url does not return the Access-Control-Allow-Origin header (like the api does) so the browser blocks the redirect from happening. This means that the consumer (in an XMLHttpRequest world) gets a failed request, with no idea why. As far as I can tell, its not possible to prevent XMLHttpRequest from following a redirect so I cant prevent it that way.

Can you please investigate?

Thanks,
Matt

Hi Matt,

Thanks for getting in touch. I had a chat to the rest of the Octopus team and this isn’t expected. Are you able to provide a few examples and or a fiddler trace?

Thanks

Rob