In my JS/HTML5 Project with angularjs, I have implemented protection for my API by setting an authorization token in the HTTP header. Now, I am also looking to secure access to images stored on the server.
While I know how to accomplish this on the server side, I am unsure how to add HTTP headers to image requests in angular or JavaScript. We have successfully added the headers to API requests within our services ($resource), but I am seeking guidance on how to do the same for image requests.
In the realm of Angular 1.2, there exist numerous methods to achieve this task. To streamline the process in Angular 1.2, I suggest utilizing an http interceptor to sanitize outgoing requests and append headers.
// Implementing an interceptor as a service.
app.factory('myInterceptor', function($q) {
return {
// Intercepting requests on their way out.
request: function(config) {
var myDomain = "http://whatever.com";
// (optional) If the request is directed towards your target domain,
// THEN include your header, otherwise leave it as is.
if(config.url.indexOf(myDomain) !== -1) {
// Add the Authorization header (or custom header) here.
config.headers.Authorization = "Token 12309123019238";
}
return config;
}
}
});
app.config(function($httpProvider) {
// Link the interceptor by name in the configuration.
$httpProvider.interceptors.push('myInterceptor');
});
If working with Angular 1.0.X, you will have to set the headers more globally in the common headers...
$http.defaults.headers.common.AuthenticationTo achieve this, you will have to craft a directive, and things might get a bit complex.
You will need to:
<img/> tag, or generates it.$http service to request the image (thus utilizing the aforementioned http interceptor). You will have to analyze the extension and set the appropriate content-type header, for instance: $http({ url: 'images/foo.jpg', headers: { 'content-type': 'image/jpeg' }).then(...)src attribute of your image element as a data source like this: <img src="data:image/jpeg;base64,9hsjadf9ha9s8dfh...asdfasfd"/>... this process may become intricate.
It would be advantageous if your server does not secure the images.
As mentioned in this post, you have the option to utilize angular-img-http-src (
bower install --save angular-img-http-srcUpon reviewing the provided code, it makes use of URL.createObjectURL and URL.revokeObjectURL which are still in draft status as of April 19, 2016. It is advisable to check if your browser supports these features.
To make use of this functionality, you must declare 'angular.img' as a dependency in your app module (
angular.module('myapp', [..., 'angular.img'])http-src attribute for the <img> tag.
For instance:
<img http-src="{{myDynamicImageUrl}}">Of course, this assumes that you have implemented an interceptor using $httpProvider.interceptors.push to include your custom header, or that you have statically set your header for all requests using $http.defaults.headers.common.MyHeader = 'some value';
After encountering a similar issue, we implemented a custom ng-src directive to resolve it.
Our solution involved creating a secure-src directive that functions similarly to ng-src, with the added feature of appending a query parameter containing the local authentication header to the URL.
In addition to checking the header, the server-side code serving the resources was updated to validate the query parameters. The authentication process for the token included in the query parameter may vary slightly, such as allowing a time window after a normal REST request for such a request to be accepted, considering that the URL can be stored in the browser history.
Quoted directly from the official documentation found at: http://docs.angularjs.org/api/ngResource/service/ $resource
How to Use
$resource(url, [paramDefaults], [actions]);
[...]
actions: Collection with defined custom actions to enhance the default resource actions. The layout should follow $http.config format:
{action1: {method:?, params:?, isArray:?, headers:?, ...},
action2: {method:?, params:?, isArray:?, headers:?, ...}, ...}
For more information on the $http service:
http://docs.angularjs.org/api/ng/service/$http#usage_parameters
It has been noted here that Firefox has support for the httpChannel.setRequestHeader method:
// Adding a "X-Hello: World" header to the request
httpChannel.setRequestHeader("X-Hello", "World", false);
The code example above showcases a variable called httpChannel which refers to an object that implements nsIHttpChannel. (The variable could technically have any name.)
The setRequestHeader method requires 3 parameters. The first one is the name of the HTTP request header. The second one is the value of the HTTP request header. And for now, the third parameter can be set to false in all cases.
However, this feature appears to be exclusive to Firefox as highlighted in this source.
Alternatives include using Cookies for value passing and retrieval as a cookie instead of an HttpHeader, or utilizing ajax to access images with a custom header.
For further information, check out these additional sources:
Currently running a project on Node and utilizing React for the front-end, I have encountered an issue with setting .env variables. The project is built with Material UI, and most TextFields are working as expected with their specified validation rules. ...
Below is an if statement that I have devised: var TotalMoney=0; var Orbs=0; if (TotalMoney.length==2) { Orbs+=1; } The intention behind this code snippet is to increase the value of "Orbs" by 1 when the digit length of "TotalMoney" equals 2. However, it& ...
Currently, I am working on a website using AngularJs Material sidenav. My goal is to make both md-sidenav and md-content appear as one page, without any scroll bars showing up when the height of one element exceeds that of the other. How can I achieve th ...
Delving into the world of vue.js, I find myself pondering over how to incorporate a download link in my webpage for a CSV file stored locally. In my component Template.vue, I have the following structure: <a :href="item.loc" download> {{item.title ...
When using Angular JS, the first value needs to be left empty. <thead> <tr ng-repeat="(key, value) in reports"> <th> </th> <th ng-if="$parent.$index==0" ng-repeat="data in value">{{$index+1}}</ ...
I am having an issue with a bootstrap modal that I am using as an instruction guide. My goal is to keep it fixed at the top-right corner of the viewport, so I tried using the fixed position. However, when I do this, the modal turns grey. On the other han ...
In my Laravel blade file, I have an array that I am accessing in JavaScript like this: var data = {!! json_encode($data) !!}; When I check the console, the variable is displayed as seen here: variable data console print Additionally, I'm retrieving ...
{ "entries": [ { "id": 23931763, "url": "http://www.dailymile.com/entries/23931763", "at": "2013-07-15T21:05:39Z", "message": "I ran 3 miles and walked 2 miles today.", "comments": [], "likes": [], ...
I utilized the interact.js library to create this code snippet, which functions perfectly on Chrome, Firefox, and w3schools "Try it Yourself" platform (unfortunately not compatible with Edge and IE for unknown reasons). However, when I include this code wi ...
$(function(){ $(window).scroll(function () { var scrollVal = $(this).scrollTop(); var adscrtop =$(".header").offset().top // 在 RWD 767以下不作動 if(window.screen.width>767){ if(sc ...
Scenario Within the file ts/app.ts, the following function exists: function foo() { console.log('Hello Word'); } After successful compilation with Webpack, it generates a file named bundle.js. To load this file, use the following script tag ...
Currently, I am making use of the Mobx Persist Store plugin which allows me to store MobX Store data locally. Although the documentation does not provide a TypeScript version, I made modifications to 2 lines of code (one in the readStore function and anot ...
I am currently working with the following article schema: var articleSchema=new Schema({ id : Number, title : String, sefriendly : String, created : Date, categories: [ { id: Number, name: String, ...
My goal is to pass a JSON string from Javascript to a C# .exe as a command line argument using node.js child-process. The JSON I am working with looks like this: string jsonString = '{"name":"Tim"}' The challenge lies in preserving the double q ...
I am looking for a way to link the output of my function with the child template. methods object methods: { filterOptions(checkedValues: any) { let filtered = this.cards.filter(card => { return card.profile .map(prof ...
Attempting to incorporate sound files into my project using https://github.com/joshwcomeau/redux-sounds but encountering difficulties in getting it to function. Below is the code snippet I utilized for setup. Unsure if webpack is loading the files correctl ...
I've been encountering an issue for the past 3-4 hours and have sought solutions in various places like here, here, here, etc... However, I am unable to get it to work in my specific case: var timer_slideshow = {}; var that, that_boss, has_auto, el ...
Within my gridview control, there are 4 columns, with one column being invisible which contains the Email Address information. <asp:GridView id='gridData' runat='server'> <Columns> <asp:TemplateField> ...
In my input field, I have specified: <input type="number" step="0.01"> I expect all of these input values to produce the following outputs: 2.00 => 2.00 2,00 => 2.00 +2,00 => 2.00 However, when entering the value "+2.00", it fail ...
It seems that I have encountered a limitation of statically generated sites. Currently, I am utilizing Gatsby to generate pages in a static manner. The process involves: Pulling data from the CMS where we set an end time for a countdown timer, such as two ...