(With apologies for cross posting; the Ember.js tag on SO doesn’t seem to get much attention… 
)
We’re looking at using Ember in an app that uses a backend API via ajax. In production that API will be provided by the same host as the Ember application itself, e.g. on an /api path or similar. But in development we want to use Ember’s dev server and so the /api would be on a separate host. So we set up Ember’s excellent integration of node-http-proxy:
ember generate http-proxy /api http://apiserver/path
The problem is that the API is on a Windows server using IIS with Windows integrated authentication. When we hit the /api path in the Ember app, it faithfully sends it on to the Windows server, but gets and passes back a 401 (Unauthorized) response.
We currently work around this by not using the proxy, but instead enabling CORS and having the app query the API server directly with an absolute URL. That works (if we’re doing it from Windows, the browser authenticates us automatically; if we’re doing it from *nix, Chrome pops up an authentication dialog and is happy for the remainder of the session once we fill in our info). But it’s a bit of a pain to maintain, esp. as we don’t need CORS support in production.
Is there a way to get Ember’s dev server and proxy to implement that authentication challenge/response so we can proxy the /api path instead? E.g., via passport.js or similar?
Thanks,
– T.J.