我实现了REST后端（使用Spring引导）的AngularJS应用程序。

I am implementing an AngularJS app with a REST backend (using Spring Boot).

我目前可以下载的文件是这样的：

I can currently download a file like this:

<td><a href="/api/datasheets/{{datasheet.id}}/documents/{{document.id}}/download" download>Download</a></td>

现在，我加入安全（使用Spring安全性），以我的应用程序，这现在已不再有效。在AJAX的验证由HTTP头为每个请求添加 X-身份验证令牌要求的作品。

Now, I am adding security (using Spring Security) to my application and this now no longer works. The authentication of the AJAX calls works by adding x-auth-token in the HTTP header for each request.

但是，一个简单的的href 不具有 X-身份验证令牌在ofcourse头。我试图用 $ http.get（）上的 NG-点击，而that不可不工作。

But a simple href does not have the x-auth-token in the header ofcourse. I tried using $http.get() on an ng-click, but that cannot not work.

有一个简单的方法吗？

推荐答案

我有类似的问题，同时实现文件下载的角度。就我而言，我是不是能够处理BLOB在Safari。我所做的就是：创建一个处理程序，它返回一个下载令牌有效期为如5秒。只有经过身份验证的用户可以得到这个道理。一旦你的道理，调用不同的处理程序，该验证令牌后，返回文件和此处理是向公众开放。所以，你不需要发送认证头，同时下载文件。

I had similar problem while implementing file downloads in angular. In my case, I was not able to handle blob in safari. What I did was: create a handler which returns a download token valid for say 5 second. Only authenticated user can get this token. Once you have the token, call a different handler which returns the file after validating the token and this handler is publicly accessible. So you don't need to send authentication header while downloading file.

我用 itsdangerous库实施timstamped令牌。

I used itsdangerous library to implement timstamped token.