Angular.js-使用$ window.open重定向发送授权标头 [英] Angularjs - Send authorization header in redirection with $window.open
问题描述
如标题中所述,我想从位于localhost:port1的angularJs应用程序重定向到localhost:port2中的另一个angularJs应用程序.
这两个应用程序使用openid-connect服务器和此 angualrjs指令进行保护.
问题是,当我登录第一个应用程序并且执行重定向到第二个应用程序时,它告诉我重新登录,就像我未通过身份验证一样.
所以我想出了解决此问题的方法:我在重定向URL中发送了access_token,并在第二个应用程序中使用了它..
但是我读到,在URL中公开access_token是一种不好的做法.
所以我的问题是,有没有一种方法可以使用$ window.open(url)..发送带有重定向的授权标头?
谢谢.
否,您无法设置标头,因为您收到的标头来自后端.您只是要求浏览器更改网址.而且您不想将access_token放在url中(明智的做法).
我想到的解决方案是在 不是特定于端口 .因此,当第二个angularjs应用程序启动时,它可以检查cookie以查看身份验证令牌是否存在,如果存在,则它不会进入登录页面.
As mentioned in the title, I want to perform a redirection from an angularJs application residing in localhost:port1 to another angularJs application in localhost:port2.
The two application are secured using openid-connect server and this angualrjs directive.
The problem is when I'm logged in the first app and I perform a redirection to the second app, it tells me to re-sign in as if i'm not authenticated.
So I've figured a workaroud for this problem: I sent the access_token in the redirect url and used it in the second app..
But I read that it's a bad practise to expose the access_token in the URL ..
So my question is is there a way to send an authorization header with redirection using $window.open(url) .. ?
thanks is advance .
No, you cannot set a header because the header you receive, is coming from back-end. You just ask the browser to change the url. And you do not want to put access_token in the url (wise action).
The solution that comes to my mind is to write the access_token in session-storage. It is safe because it is only accessible to current tab. The second angularjs application can check the session-storage on start-up and use it if it exists.
Update: Session storage is port specific so it does not work on this case:
The second solution would be using cookies, unlike sessionStorages, cookies are not port specific. So when the second angularjs application comes up, it can check the cookies to see if the authentication token exists or not, if it exists then it does not goto sign-in page.
这篇关于Angular.js-使用$ window.open重定向发送授权标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
