Dont redirect to authorization url if accept type is application/json.

[dniel]

To stop redirecting to the login page of Auth0 when rest ajax clients does requests, check if the accept type of the request is application/json and just deny access instead of redirecting to html-page.

A ajax javascript client will not manage to do anything useful with the login page of Auth0. Its better just to stop accepting and wait for better times.

Some helpful libraries also set x-requested-with to XMLHttpRequest to indicate that its a ajax call from a library.

[dniel]

And as well if header x-requested-with is set to XMLHttpRequest