添加HTTP标头的角应用window.location.href [英] Adding http headers to window.location.href in Angular app
问题描述
我有我需要外界重定向到一个非角HTML页角的应用程序,所以我想我可以只使用 $ window.location.href
重定向角应用到我的外部网站。这实际工作正常,但是,我有一个的NodeJS / EX preSS后端即服务的任何内容(甚至是静态内容)之前检查身份验证令牌。
I have a angular app that I needed to redirect outside to a non angular html page, so I thought I could just use the $window.location.href
to redirect the angular app to my external site. This actually works fine, however, I have a nodejs/express backend that checks for auth token before serving up any content(even static content).
这需要一个身份验证令牌在HTTP请求的头被发送。现在的问题是:
This requires a auth token to be sent in the header of the http request. Now the question:
灿/你如何添加一个身份验证令牌到正在改变的请求的 $ window.location.href
之前发送它关掉?
Can/How do you add an auth token to the request that is made by changing the $window.location.href
before it is sent off?
推荐答案
当您使用 $ window.location.href
浏览器正在HTTP请求,而不是你的JavaScript code。因此,你不能添加自定义标题如授权
与令牌值。
When you use $window.location.href
the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization
with your token value.
您可以通过JavaScript添加一个cookie,并把你的身份验证令牌那里。该饼干将自动从浏览器发送。不过,你会想审查使用Cookie与一个头的安全隐患。由于这两种通过JavaScript是可访问的,没有额外的攻击媒介那里。除非您在新的页面加载后删除的cookie,有可能是一个CSRF攻击提供。
You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.
这篇关于添加HTTP标头的角应用window.location.href的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!