Adding http headers to window.location.href in Angular app

angularjs http oauth-2.0 http-headers window.location

britztopher · Jun 10, 2014 · Viewed 42.1k times · Source

I have a angular app that I needed to redirect outside to a non angular html page, so I thought I could just use the $window.location.hrefto redirect the angular app to my external site. This actually works fine, however, I have a nodejs/express backend that checks for auth token before serving up any content(even static content).

This requires a auth token to be sent in the header of the http request. Now the question:

Can/How do you add an auth token to the request that is made by changing the $window.location.href before it is sent off?

Answer

When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value.

You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.

Adding http headers to window.location.href in Angular app

Answer

Related questions