In REST talk, html is one of many possible representations of a resource. Since the resource is unauthorized, no representation should be returned, html or otherwise. Instead, the client, instructed by the 401 status error, should take a different course of action, such as requesting a login page.
Most apps written in web frameworks will not return a 401, but instead redirect to the authorization page. This is possible in Liberator too, because nothing stops you from handling the authorization in the resource itself (handle-ok with logic).
This might be a breach of practice. I posted an issue on Liberator's github to ask for the opinion of people more knowledgeable in the recipes of RESTful cooking.
At any rate, the reason you see your html wrapped in a pre tag is the result of the following factors:
- Content negotiation is not available for unauthorized resources in Liberator. The 401's body is always of type text/plain.
- When you specify a html string as the response, it will render as is.
- When using Chrome development tools, upon inspecting the source, you will see the html string wrapped in a
pre
tag.
I hope this helps.