diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb
index 6ac7ff6b..9127764f 100644
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -79,7 +79,7 @@ module Devise
       if request.xhr?
         Devise.http_authenticatable_on_xhr
       else
-        !Devise.navigational_formats.include?(request.format.to_sym)
+        !(request.format && Devise.navigational_formats.include?(request.format.to_sym))
       end
     end
 
@@ -90,7 +90,8 @@ module Devise
     end
 
     def http_auth_body
-      method = :"to_#{request.format.to_sym}"
+      return i18n_message unless request.format
+      method = "to_#{request.format.to_sym}"
       {}.respond_to?(method) ? { :error => i18n_message }.send(method) : i18n_message
     end
 
diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb
index ddb6f128..6cf82b4d 100644
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -77,6 +77,11 @@ class FailureTest < ActiveSupport::TestCase
       assert_equal 401, @response.first
     end
 
+    test 'return 401 status for unknown formats' do
+      call_failure 'formats' => []
+      assert_equal 401, @response.first
+    end
+
     test 'return WWW-authenticate headers if model allows' do
       call_failure('formats' => :xml)
       assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]