Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Add authorization header to clicked link

I am new to Angular and inherit an old version so bear with me.

My Angular 1.5.7 application needs to get files from my API server that is protected by Bearer Token Authentication https://somedomain.com/api/doc/somefile.pdf. So I need to set a header like this: Authorization: Bearer xxxxxxxxxxxx.

I have tried to request files with Postman and setting the header Authorization: Bearer xxxxxxxxxxxx and that works.

In Angular 1.5.7 I have in a view.html a link like this <a href="{{url}}" ng-show="url" target="_blank"> PDF</a> where {{url}} = https://somedomain.com/api/doc/somefile.pdf.

The problem is that I don't know how to add a header to the link. I think it is not possible. I have to make a link like this: <a>PDF</a> and when clicked Angular takes over, open a new window and load the file there.

I have looked at these Stack overflow questions that might solve my problem, but honestly I don't know how to implement the solutions:

  • Add HTTP Header in JavaScript to requests for images
  • Set HTTP header for one request

UPDATE

My solution was to make a directive with the code below. It works because when clicking the link the current window already has set the authorization header and therefore access to the file is granted.

<a href="https://somedomain.com/api/doc/somefile.pdf" ng-click="openPdf($event)">PDF</a>

function openPdf($event) {
    // Prevent default behavior when clicking a link
    $event.preventDefault();

    // Get filename from href
    var filename = $event.target.href;

    $http.get(filename, {responseType: 'arraybuffer'})
    .success(function (data) {
        var file = new Blob([data], {type: 'application/pdf'});
        var fileURL = URL.createObjectURL(file);

        // Open new windows and show PDF
        window.open(fileURL);
    });
}
like image 881
Cudos Avatar asked Jul 17 '18 10:07

Cudos


People also ask

How do I pass the Authorization header?

To send a GET request with a Bearer Token authorization header, you need to make an HTTP GET request and provide your Bearer Token with the Authorization: Bearer {token} HTTP header.

How is Auth header added to your HTTP call?

It is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic, followed by a space and a base64-encoded(non-encrypted) string username: password. For example, to authorize as username / Pa$$w0rd the client would send.

Does browser automatically send Authorization header?

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a protected resource. The Authorization header is usually, but not always, sent after the user agent first attempts to request a protected resource without credentials.

How do I add auth token in header?

The token is a text string, included in the request header. In the request Authorization tab, select Bearer Token from the Type dropdown list. In the Token field, enter your API key value. For added security, store it in a variable and reference the variable by name.


1 Answers

You can't use interceptors. Clicked link will be processed by browser request, not the system. You need attach click event handler ( with event.preventDefault() method ) to this link and send get request with your own function. Which will add headers to the request

like image 60
Timothy Avatar answered Oct 03 '22 04:10

Timothy