Downloading a file from Express Node.js with JWT authorization

Time: 2022-02-28 11:36:49

I'm using the express-jwt module on my node.js server to authorize users' access to different requests. One of the requests will ultimately be a file download with express res.download(file).

The problem is that I can't do the request as I would usually do via AJAX (angular $http.get), as this will not trigger the required file download popup in the browser. Without AJAX though (window.open), I can't provide the necessary authorization header for express-jwt.

Any hint on how I can achieve my authorized file download from node.js with express and jwt-express?

1 solution

#1


2  

A possible solution would be to modify your server side to expect something in the header like before, but in case of absence of this header to look into the parameters of the request to see if the value you are looking for is not there instead. It would not change your previous behavior for the other endpoints but it would allow you to download the file with a window.open and a parameter in the url. You can also limit this possibility to the endpoints giving access to files for more security.
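
The header-first, query-parameter-fallback lookup this answer describes, as an added example that is not part of the original answer. The `/files/` prefix, the `token` parameter name and the sample requests are assumptions constructed for illustration; a function of this shape can be supplied as express-jwt's `getToken` option.

```javascript
// Added example. DOWNLOAD_PREFIX and the "token" parameter name are assumptions.
const DOWNLOAD_PREFIX = '/files/';

// Returns the token to verify for this request, or null if none is acceptable.
// req needs only the Express fields used here: method, path, headers, query.
function getToken(req) {
  const header = req.headers && req.headers.authorization;
  if (typeof header === 'string') {
    const parts = header.split(' ');
    // Header present: use it or fail. Never fall through to the URL.
    return parts.length === 2 && /^Bearer$/i.test(parts[0]) && parts[1]
      ? parts[1]
      : null;
  }
  // The URL fallback is limited to GET requests on the file-download routes,
  // so every other endpoint keeps its header-only behaviour.
  const isDownload = req.method === 'GET' &&
    typeof req.path === 'string' && req.path.startsWith(DOWNLOAD_PREFIX);
  if (!isDownload) return null;
  const candidate = req.query && req.query.token;
  // Express parses ?token=a&token=b as an array and ?token[x]=1 as an object;
  // accept only a single non-empty string.
  if (typeof candidate !== 'string' || candidate.length === 0) return null;
  return candidate;
}

// Constructed sample requests (plain objects shaped like an Express req).
const samples = {
  ajax: { method: 'GET', path: '/api/profile',
          headers: { authorization: 'Bearer aaa.bbb.ccc' }, query: {} },
  download: { method: 'GET', path: '/files/report.pdf',
              headers: {}, query: { token: 'ddd.eee.fff' } },
  wrongRoute: { method: 'GET', path: '/api/profile',
                headers: {}, query: { token: 'ddd.eee.fff' } },
  repeated: { method: 'GET', path: '/files/report.pdf',
              headers: {}, query: { token: ['one', 'two'] } },
};

for (const [name, req] of Object.entries(samples)) {
  console.log(name, '->', getToken(req));
}
```

A token passed in the URL is recorded in browser history and server access logs, so a short token lifetime limits how long a logged value stays usable.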