I encountered the same issue here, and the backend engineer at my company implemented a behavior that is apparently considered a good practice : when a call to a URL returns a 401, if the client has set the header X-Requested-With: XMLHttpRequest
, the server drops the www-authenticate
header in its response.
The side effect is that the default authentication popup does not appear.
Make sure that your API call has the X-Requested-With
header set to XMLHttpRequest
. If so there is nothing to do except changing the server behavior according to this good practice…