1

I'm trying to make a multipage web app that uses json web tokens for authentication. Using JWTs for single page apps is fairly trivial as you just set the headers on an XHR and send it off, but setting the headers for regular browser requests seems somewhat more difficult.

It would be possible to use query strings here, but it'd be better to use headers.

Is it possible to set regular browser request headers from javascript? Specifically the Authorisation header. If so, how is it done? Or is it prevented due to some massive security pitfall it would introduce?

Improve this question

1 Answer 1

Reset to default
1

"Is it possible to set regular browser request headers from javascript?"

Short answer. No. Not for standard anchor links or form submit behaviour. This is a long standing "issue" with traditional multipage apps. I use quotes around "issue" because...

Long Answer. There are likely other ways to achieve your goal.

  1. Use hidden form fields if your doing a form submit style post and redirect.
  2. Use cookies and read those values on the server, this is the way a lot of session based web browser authentication works.
  3. Do something clever with an ajax call that post to resource that response back with a success message object with a route to navigate to on success (and maybe one for failure). Just as an example. You could probably take advantage of server repsonse codes (http 302) etc.
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Number 3 is what I'm trying to do. Post an XHR with credentials that returns a JWT on success and stores it in session storage then redirects to a protected resource (easy). Setting a header in the redirect request, and subsequent requests, with the content of the JWT (hard). Or is it just not possible?
Are there any drawbacks to putting the token in a cookie? Because that gives me the functionality I'm after.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.