前言
项目渗透性测试报出问题:请求url后面不允许带上token,解决方案是将token放在请求头的Authorization中
问题
问题:原先下载资源的方式是window.location.url = url 浏览器完成下载,发现document请求无法设置请求头
解决:重写下载
function downloadFile (url,fileName) {//fileName必须要
var xhr = new XMLHttpRequest();
xhr.open('GET',url,true);
xhr.setRequestHeader('Authorization',window.sessionStorage.getItem('token'));
xhr.responseType = 'blob';
xhr.onload = function (e) {
if(this.status == 200) {
var blob = new Blob([this.response],{type:'text/plain;charset=utf-8'});
if('download' in document.createElement('a')){//非IE下载
var url = window.URL.createObjectURL(blob);
var a = document.createElement('a');
a.href = url;
a.download = fileName;
a.click();
window.URL.revokeObjectURL(url)
}else{//IE10+下载
navigator.msSaveBlob(blob,fileName)
}
}
}
}