Currently, any unauthorized API requests that pass through the `auth` middleware get a redirect to the login page. Adding the `wantsJson` flag to the conditional corrects this behavior.