5

I am implementing an AngularJS app with a REST backend (using Spring Boot).

I can currently download a file like this:

<td><a href="/api/datasheets/{{datasheet.id}}/documents/{{document.id}}/download" download>Download</a></td>

Now, I am adding security (using Spring Security) to my application and this now no longer works. The authentication of the AJAX calls works by adding x-auth-token in the HTTP header for each request.

But a simple href does not have the x-auth-token in the header ofcourse. I tried using $http.get() on an ng-click, but that cannot not work.

Is there a simple alternative?

Community
  • 1
  • 1
Wim Deblauwe
  • 19,439
  • 13
  • 111
  • 173

1 Answers1

1

I had similar problem while implementing file downloads in angular. In my case, I was not able to handle blob in safari. What I did was: create a handler which returns a download token valid for say 5 second. Only authenticated user can get this token. Once you have the token, call a different handler which returns the file after validating the token and this handler is publicly accessible. So you don't need to send authentication header while downloading file.

I used itsdangerous library to implement timstamped token.

Prakash Pandey
  • 189
  • 1
  • 2
  • 11