ACL always return 401 errors even with 'aclErrorStatus: 403' set

[acourtiol]

Hello,

We're having the following issue.
We setted our config.json like this:

{
  "restApiRoot": "/api",
  "host": "0.0.0.0",
  "aclErrorStatus": 403,
  "port": 3389,
  "remoting": {
    "context": {
      "enableHttpContext": true
    },
    "rest": {
      "normalizeHttpPath": true,
      "xml": false
    },
    "json": {
      "strict": true,
      "limit": "100kb"
    },
    "urlencoded": {
      "extended": true,
      "limit": "100kb"
    },
    "cors": {
      "origin": true,
      "credentials": true
    },
    "errorHandler": {
      "disableStackTrace": false
    }
  },
  "legacyExplorer": false
}

But we're still receiving those kind of 401 errors:

{
  "error": {
    "name": "Error",
    "status": 401,
    "message": "Authorization Required",
    "statusCode": 401,
    "stack": "....."
  }
}

[raymondfeng]

Based on this code https://github.com/strongloop/loopback/blob/master/lib/application.js#L341-L385 https://github.com/strongloop/loopback/blob/master/lib/application.js#L341-L385, if the access token is not valid, you’ll still get 401. 403 only happens if the request is rejected by ACLs.

Thanks,

---

Raymond Feng
Co-Founder and Architect @ StrongLoop, Inc.

StrongLoop http://strongloop.com/ makes it easy to develop APIs http://strongloop.com/mobile-application-development/loopback/ in Node, plus get DevOps capabilities http://strongloop.com/node-js-performance/strongops/ like monitoring, debugging and clustering.

On Jul 10, 2015, at 8:33 AM, Alexandre Courtiol notifications@github.com wrote:

Hello,

We're having the following issue.
We setted our config.json like this:

{
"restApiRoot": "/api",
"host": "0.0.0.0",
"aclErrorStatus": 403,
"port": 3389,
"remoting": {
"context": {
"enableHttpContext": true
},
"rest": {
"normalizeHttpPath": true,
"xml": false
},
"json": {
"strict": true,
"limit": "100kb"
},
"urlencoded": {
"extended": true,
"limit": "100kb"
},
"cors": {
"origin": true,
"credentials": true
},
"errorHandler": {
"disableStackTrace": false
}
},
"legacyExplorer": false
}
But we're still receiving those kind of 401 errors:

{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "....."
}
}
—
Reply to this email directly or view it on GitHub #1513.

[Amir-61]

I believe your question has been answered; I'm closing this issue; however if this issue still persists, please leave a comment and reproduce the issue using our loopback-sandbox and we will re-open the issue for you.

Thanks!