This will be a lot better with Unpoly 2 since it allows deeper integration into responses as well as arbitrary redirects, but I can think of two possible options here:
1. Don't return 401, but rather return a redirect to the login page. Maybe do it conditionally on Unpoly requests? Set a fail target on your elements for `body` as well.
2. Set a header when setting 401 that indicates a redirect to the login page, and then setup a listener for `up:proxy:loaded`. Check for that header and then set window.location if necessary.
If you're returning 401 without setting WWW-Authenticate header, that might be hiding more issues than solving.