Adding http headers to window.location.href in Angular app

angularjs http oauth-2.0 http-headers window.location
48,257

Solution 1

When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value.

You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.

Solution 2

This answer is NOT a safe way, as the token is exposed in the URL, which is logged in browser history, access logs, etc. Use a domain cookie instead. I'll leave the answer as it can be an easy way to debug in your local setup.

I am using JWT as authentication on a Laravel PHP backend, and it works by putting ?token=... in the URL. For example, when using AngularJS with satellizer plug-in, I add ?token=' + $auth.getToken() to the URL.

Share:
48,257
britztopher
Author by

britztopher

Updated on May 06, 2020

Comments

  • britztopher
    britztopher almost 4 years

    I have a angular app that I needed to redirect outside to a non angular html page, so I thought I could just use the $window.location.hrefto redirect the angular app to my external site. This actually works fine, however, I have a nodejs/express backend that checks for auth token before serving up any content(even static content).

    This requires a auth token to be sent in the header of the http request. Now the question:

    Can/How do you add an auth token to the request that is made by changing the $window.location.href before it is sent off?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

$http response Set-Cookie not accessible
Download text/csv content as files from server in Angular
HTTP Post oAuth 2 "Check the `grant_type` parameter"
Headers not being set on http Flutter
Flutter - VideoPlayer - Support http headers while constructing video controller from network datasource
flutter - no json is sent in the body of my http post
How can I add multiple headers in Flutter GET Api request
How to POST in Flutter with cookie or session?
Angular 2 HTTP get handling 404 error
Angular JS and Twitter API, how can we hook them up