In Angular need to set Authorisation header before transfer

Question

$scope.downloadPDF = function (docId) {
        //Need the code to add the authorisation header before transfer
        var pdfURL = $rootScope.genericApiurl + 'servicetype/pdfDocument?docId=' + docId;
        $window.location.href = pdfURL;
    }

Tried setting $http.defaults.headers.common['Authorization'] = 'Basic' + authdata; but not working.

Nguyen Tran · Accepted Answer · 2016-05-13T02:00:13.850

0

When you use $window.location.href the browser will make HTTP request, not your code. So you cannot add authentication header for it.

I suggest that you could use a parameter ?token=auth_token instead.

There is another suggesstion (more secure):
You can generate a download token for each PDF file which will contain expire time and some information, the token will be encrypted. In server side (your api), you will get the token then you can decrypt it and check this token is valid or invalid. If it's valid you will return a FileContent type from your api.

E.g. yourdomain.com/api/document/aaa-bbb-ccc/download/xxxxxxxxxxxxxxxxx.yyyyyyyyyyyyyyyyy‌yyyyyyy

With:
xxxxxxxxxxxxxxxxx.yyyyyyyyyyyyyyyyyyyyyyyy: token
aaa-bbb-ccc: documentId

edited May 13 '16 at 02:00

answered May 09 '16 at 02:27

Nguyen Tran

1,158
1
11
18

This has to be through Authorization header only, I can not transfer my token as a parameter or else I need to change the web api just for this call, which is not a good option, this also has security issues. Please share if you have any other options like using $resource etc. – Santanu May 09 '16 at 07:11
Oh, I understand your situation now. There is another option that you will generate a download token for each file pdf which will contain expire time and some information, the token will be encrypted. In server side (your api), you will get the token then you can decrypt it and check this token is valid or not. If valid you will return a FileContent type from your api. E.g. yourdomain.com/document/aaa-bbb-ccc/download/xxxxxxxxxxxxxxxxx.yyyyyyyyyyyyyyyyyyyyyyyy. xxxxxxxxxxxxxxxxx.yyyyyyyyyyyyyyyyyyyyyyyy: token; aaa-bbb-ccc: documentId. – Nguyen Tran May 11 '16 at 15:37
Yes you got the point now, I just implemented this approach and its works like wonder. I will accept this as my solution, if you can elaborate this in your answer a little more. – Santanu May 11 '16 at 23:55

score 0 · Answer 2 · edited May 23 '17 at 12:16

0

Try out the following snippet

$http({method: 'GET', url: 'www.google.com/someapi', headers: {
    'Authorization': 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='}
});

source: https://stackoverflow.com/a/11876907/2134604

edited May 23 '17 at 12:16

Community

1
1

answered May 09 '16 at 02:33

Pandiyan Cool

6,381
8
51
87

PDF is not getting downloaded in this approach. Thats why I opted for $window.location.href. Do I have any feature available in $window to do this or may be $resource? – Santanu May 09 '16 at 07:07
then you can use params options to append your header – Pandiyan Cool May 09 '16 at 13:59
Can you please share with me an example? – Santanu May 10 '16 at 00:21

In Angular need to set Authorisation header before transfer

2 Answers2