我实现了REST后端(使用Spring引导)的AngularJS应用程序。
I am implementing an AngularJS app with a REST backend (using Spring Boot).
我目前可以下载的文件是这样的:
I can currently download a file like this:
<td><a href="/api/datasheets/{{datasheet.id}}/documents/{{document.id}}/download" download>Download</a></td>
现在,我加入安全(使用Spring安全性),以我的应用程序,这现在已不再有效。在AJAX的验证由HTTP头为每个请求添加 X-身份验证令牌
要求的作品。
Now, I am adding security (using Spring Security) to my application and this now no longer works. The authentication of the AJAX calls works by adding x-auth-token
in the HTTP header for each request.
但是,一个简单的的href
不具有 X-身份验证令牌
在ofcourse头。我试图用 $ http.get()
上的 NG-点击
,而that不可不工作。
But a simple href
does not have the x-auth-token
in the header ofcourse. I tried using $http.get()
on an ng-click
, but that cannot not work.
有一个简单的方法吗?
我有类似的问题,同时实现文件下载的角度。就我而言,我是不是能够处理BLOB在Safari。我所做的就是:创建一个处理程序,它返回一个下载令牌有效期为如5秒。只有经过身份验证的用户可以得到这个道理。一旦你的道理,调用不同的处理程序,该验证令牌后,返回文件和此处理是向公众开放。所以,你不需要发送认证头,同时下载文件。
I had similar problem while implementing file downloads in angular. In my case, I was not able to handle blob in safari. What I did was: create a handler which returns a download token valid for say 5 second. Only authenticated user can get this token. Once you have the token, call a different handler which returns the file after validating the token and this handler is publicly accessible. So you don't need to send authentication header while downloading file.
我用 itsdangerous库实施timstamped令牌。
I used itsdangerous library to implement timstamped token.
上一篇:而从C#转移到ExtJS的JSON数据的变化数据、转移到、ExtJS、JSON
下一篇:电话号码:selectCheckboxMenu“全选”不会调用AJAX监听器监听器、全选、电话号码、selectCheckboxMenu