0

I want to send the authorization header when I view the webpage of a local IoT device (http://deviceip). The device uses an authorization header encoded in basic.

I have created a web server using Node.js and Express.js with a URL link to the device, but I have not been able to set the authorization header properly and end up with a login prompt.

I have been able to get it working by using a separate proxy server which sends the header upon request and changing the webserver's links to the proxy which sends the authorisation header.

proxy.on('proxyReq', function(proxyReq, req, res, options) { // allows you to alter the proxyreq request object to send authentication before connection
  proxyReq.setHeader('Authorization', auth); // sends Authorazition header auth
});

Is it possible to send the authorization header using a function in the web server when the URL is clicked as opposed to using the proxy?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
user3864066
  • 1
  • 1

1 Answers1

1

"Is it possible to send the Authorization header using a function in the web server when the URL is clicked as opposed to using the proxy?"

No, it's not possible. The reason is:

  1. The only way to add headers to a request from inside a browser ("the URL is clicked") is using the XmlHttpRequest (Ajax).[source]
  2. If it is an Ajax request, you can't fetch the html response and then re-render the whole page. Otherwise, it would bring huge security problem -- any JavaScript code in browser can send an Ajax request and show user a completely new page, which is perfect for phishing attack.
shaochuancs
  • 15,342
  • 3
  • 54
  • 62