0

I am creating a REST end point which need to redirect user to a page after checking Authorization Bearer token for authenticity of request. I have created the end point to redirect using Location header at server side. Till this point its good.

Now I am trying to simulate an action in html that can POST or GET to the above service by passing authorization header. How can i get this redirection working?

I have tried using XMLHttpRequest and ajax requests, but browser handles the redirect on its own and send back the target url content in the success callback. But i would want to open the new tab instead with target URL.

Pankaj Dwivedi
  • 159
  • 2
  • 13
  • Normally if you make an AJAX request it should just work, see https://stackoverflow.com/questions/282429/returning-redirect-as-response-to-xhr-request/2573589#2573589. How have you built your calling code and what happens? – ewramner Aug 05 '21 at 06:13
  • if you are using ajax, then you can pass headers from the JS. Either use the session to store the header value OR pass the authorization value in the url parameters – PHP Geek Aug 05 '21 at 06:17
  • @ewramner: through ajax, i am able to get the target URL content in success callback. But my requirement is, i want to open the url in new window instead of getting the response text back. Is there any way i can acheive that? – Pankaj Dwivedi Aug 05 '21 at 09:33
  • Update the question to make that clear and add what you have tried. That increases the chance of getting help. However, why don't you simply return the target URL as a normal response (not a redirect), get it in your JavaScript code and open a new window with that location? – ewramner Aug 06 '21 at 10:18
  • [ewramner](https://stackoverflow.com/users/2612030/ewramner) Thanks, I have updated the question with what i tried. Have tried ajax calls, but browser handles the redirection on its own and send backs the content of target url in success callback. I would want to redirect user to target URL in new tab. The option to send back target URL is there but since my api will be used by other customers, i wanted to minimize the set of steps required by them to access this api. But for now, looks like that is the only solution. Or I send the token as parameter instead of Auth header. Thoughts on this? – Pankaj Dwivedi Aug 07 '21 at 08:41

0 Answers0