Hi there
I’m writing a plugin for TeamCity that will interact with the Octopus api. In doing so, I’m having to deal with CORS (which is all sorted), but when authorisation fails, instead of returning 401 Unauthorized
, it returns 303 See Other
, and redirects to the /app/
url.
I can see why this would be okay from an Octopus UI point of view, but from an api consumer point of view, its not great. This is doubly an issue as the /app
url does not return the Access-Control-Allow-Origin
header (like the api does) so the browser blocks the redirect from happening. This means that the consumer (in an XMLHttpRequest world) gets a failed request, with no idea why. As far as I can tell, its not possible to prevent XMLHttpRequest from following a redirect so I cant prevent it that way.
Can you please investigate?
Thanks,
Matt