Menu
When the user logs into my app, he can click on a button to download a CSV file from the server. This URL for the download is protected using basic authentication. When I do this :
window.open('http://url-of-the-csv-file');
The browser shows a username/password popup (Basic Authentication)
I want to be able to open the URL without asking the user to enter his password a second time. How do I do that ?
712
You can not add any headers in the HTTP GET request performed by window. open. The secure way to make an authenticated request is to set the authentication token into a request header, and avoid exposing it into the URL, as my previous answer suggested (I have learned a some things since then).
We can do HTTP basic authentication URL with @ in password. We have to pass the credentials appended with the URL. The username and password must be added with the format − https://username:password@URL.
open() The open() method of the Window interface loads a specified resource into a new or existing browsing context (that is, a tab, a window, or an iframe) under a specified name.
If you know basicAuth credentials of your looged-in user, you could fill in them in the URL:
https://user:password@url-of-the-csv-file
If your app is in open web, do it ONLY if the target is on HTTPS, because such request including credentials will be readable for anyone eavesdropping your wires. This also applies to the other (javascript) answer.
88
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
