I already found some posts regarding on how to send an image to a client with nodejs. However the in the backend I get the image from another url, where I need to pass an authentification header.
From the client, I want to access the response and the image what so ever, but this doesn't seem to work, as the response only shows the image binary encoded.
Any solutions to this? Or how would you access an image that is user:password protected on the server (so a basic auth header is required for that)
Related
I am trying to understand what information is sent to the target URL when making a fetch request with credentials set to include like so:
fetch(url, {credentials:include})
How does the server behind the target URL know to decode the credentials to validate authentication? I understand this may vary from scenario to scenario but trying to get a general understanding of the concept.
Thanks in advance!
I have a cms, where am using laravel as web api, angularjs for requests.
I have an iframe where I call to services with a direct link and put it usig trusted src function.
The main problem is, I can not use a normal http post request and hide parameters, because using http request will return data, not file, and the report api returns in headers, an html file, pdf ... etc) so when i get result to the success of my http request, it won't download pdf file, it will show special chars
in the i frame am calling the api like this :
"localhost/api/getreportService/"+$scope.brandid+"&"+$scope.customerid"
but that's cannot be secure, is there any way to hide the request here from users?
ok, I found a solution, I called the api via http post request then I used $sce tustAsHtml for the response, with a ng-bind-html in my template and the result is good now, the report is showing in the div,
Now all is safe, the user needs a token to access the report, and that's impossible without a login.
I have an api where you need to have a valid json web token to upload an image:
For example, I make a post (with the Authorization header to this url) to upload a photo:
http://localhost:3000/api/account/events/54f9b55254fb9f32306a26dd/sponsors/54fdb4212f67981b1f6a8665/logo
If I want to fetch an image I'll do a GET request to the same url, however, this won't work when using JWT because I can't send an Authorization header when fetching an image.
Is there a solution? The image cannot be made public until the user authorises it.
It is not clear why you can't send an Authorization header when making a GET request. Who is making that request? Do you want to load the image using an HTML image tag?
If so, you'll need to add authorization to your site and point the src attribute of that tag to an resource in your site that is protected by cookie auth. You can then have that resource implementation call your web API with the JWT token.
I am able to successfully retrieve metadata using the Dropbox API using the following URL:
https://api.dropbox.com/1/metadata/dropbox/mse
When I try to retrieve a thumbnail for a listed asset, I get a 401:
https://api-content.dropbox.com/1/thumbnails/dropbox/mse/modem_status.png?size=l
In both cases I am providing the access token in the header:
Authorization: Bearer 4JSL1tGWoVEAAAAAAAAAAUxNYpLbiYw-D8l3vqTKRKNBuGnezhps8j.....
I can't see what is missing here.
It turns out that an image is being returned - I was using POSTMAN to test the url and two urls show up in the log - the first returns a 200 with an image buffer containing JPEG data, and a subsequent url that fails with a 401. (the second GET does not contain the authorization header). However, I am at a loss as to how to make use of JPEG data returned from an XHR request - how am I supposed to create an <img> element this way? Isn't there something equivalent to /media which returns a public url that is valid for 4 hours?
I am redirecting user using window.location.href to a page that forces a file download using the following headers:
Content-Description: File Transfer
Content-Disposition: attachment; filename="foo"
As a result, user is not taken to the page, though asked if he wishes to proceed downloading the file.
How do I tell when the response from the server is received?
The user flow that I am trying to achieve:
Display loader.
"redirect" the user (with window.location.href).
Hide loader when response is received.
From your client side code, also pass an generated ID to the server, asking it to set a cookie for you to that value.
Your server side code should pass the cookie back with the downloaded file (in the HTTP headers).
Then you can poll for the cookie in your javascript after the redirect to see when the server has responded with a successful connection.