One thing that I notice is that if I copy from the browser debugger the curl equivalent of a request that returns 302, and issue the curl command with and without the User-Agent header:
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0' I receive 302 if the curl request includes the user agent, and 401 otherwise. I don't think this helps for browser AJAX requests, though. On Monday, February 27, 2017 11:38 AM, John Logan <john.lo...@texture.com> wrote: > I'm running into an issue where I've created a Sling servlet that > queries nodes and returns a JSON result. My web application uses > the form-based AuthenticationHandler to establish a session, and > then fetches the resource provided by my servlet. [snip]