在 Angular 应用程序中将 http 标头添加到 window.location.href [英] Adding http headers to window.location.href in Angular app
问题描述
我有一个角度应用程序,我需要将它重定向到一个非角度的 html 页面,所以我想我可以使用 $window.location.href
将角度应用程序重定向到我的外部地点.这实际上工作正常,但是,我有一个 nodejs/express 后端,它在提供任何内容(甚至是静态内容)之前检查身份验证令牌.
I have a angular app that I needed to redirect outside to a non angular html page, so I thought I could just use the $window.location.href
to redirect the angular app to my external site. This actually works fine, however, I have a nodejs/express backend that checks for auth token before serving up any content(even static content).
这需要在 http 请求的标头中发送身份验证令牌.现在的问题:
This requires a auth token to be sent in the header of the http request. Now the question:
您可以/如何在发送之前通过更改 $window.location.href
向发出的请求添加身份验证令牌?
Can/How do you add an auth token to the request that is made by changing the $window.location.href
before it is sent off?
推荐答案
当您使用 $window.location.href
时,浏览器发出的是 HTTP 请求,而不是您的 JavaScript 代码.因此,您不能使用令牌值添加像 Authorization
这样的自定义标头.
When you use $window.location.href
the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization
with your token value.
您可以通过 JavaScript 添加一个 cookie 并将您的身份验证令牌放在那里.cookie 将自动从浏览器发送.但是,您需要查看使用 cookie 与标头的安全隐患.由于两者都可以通过 JavaScript 访问,因此没有额外的攻击向量.除非您在新页面加载后删除 cookie,否则可能存在 CSRF 漏洞利用.
You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.
这篇关于在 Angular 应用程序中将 http 标头添加到 window.location.href的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!