that does not work all that well!
So here is my simple solution: if we get an auth denied on an XHR request, just return a generic error!
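    class ApplicationController < ActionController::Base
      protect_from_forgery
      check_authorization

      # CanCan raises AccessDenied when the current user lacks the required ability.
      rescue_from CanCan::AccessDenied do |exception|
        if request.xhr?
          # For XHR requests, return a generic JSON error instead of redirecting.
          render :json => ['You are not authorised to do that.'], :status => :unprocessable_entity
        else
          # Regular requests go back to the root page with the denial message.
          redirect_to '/', :alert => exception.message
        end
      end

      # ...
    end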