Ya, it doesn't work. I already had that on.
THis is my onTaffyRequest.
function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers){
// need to satisfy CORS angular preflight checks
// if(LCase(Trim(verb)) eq "options") {
// return rep({status: "OK"}).withStatus(200, "OK");
// }
//allow white-listed requests through
if (listFindNoCase("authenticate,register",cfc)){
return true;
}
/* Extract the token from the authorization header */
/* auth header comes in the form of "Bearer <token>" */
if (!structKeyExists(arguments,"headers") || !structKeyExists(arguments.headers,"authorization")
|| (structKeyExists(arguments.headers, "authorization") && arguments.headers.authorization does not contain "Bearer")) {
return newRepresentation().noData().withStatus(401, "Not Authenticated. Please log in.");
} else {
requestArguments.jwtToken = listLast(arguments.headers.authorization," ");
if(!validateToken(requestArguments.jwtToken)){
return newRepresentation().noData().withStatus(403, "You do not have authorization to make this request. Please log in.");
}
}
//if a token is included, and valid, allow the request to continue
return true;
}