I'm investigating how to use the pdfjs viewer to serve a PDF that is behind a protected resource.
From my understanding, this would work if the resource allowed anonymous access:
https://app./pdf.js/web/viewer.html?file=https://app./pdf/{id}
The resource https://app./pdf/{id} returns a response with content type application/pdf.
However, that resource requires an OAuth2 token to be present in the authorization header. So is it possible to modify the headers created by the viewer, to include an authorization header and pass the token of the user?
asked Aug 3, 2018 at 9:50 by Tommy Jakobsen, edited Aug 5, 2018 at 18:07
- How about building a proxy service to transform authorization GET params into authorization headers? – Dat Tran Commented Aug 6, 2018 at 3:37
- If you by "GET params" mean query string, and thus exposing authorization info in the URL, I don't think it's a viable solution. – Tommy Jakobsen Commented Aug 6, 2018 at 6:09
- If you send the request with headers, you can still see it when debugging in the network. That's not the point, I think. – Dat Tran Commented Aug 6, 2018 at 6:58
- The headers are encrypted when using HTTPS. The URL is not. – Tommy Jakobsen Commented Aug 6, 2018 at 19:39
- Only the domain is not encrypted during DNS resolution. The URL is still encrypted. You can check stackoverflow./questions/499591/are-https-urls-encrypted for more information. So in case of a man in the middle or such, the URL is still safe. – Dat Tran Commented Aug 7, 2018 at 2:45
1 Answer
PDF.js can read a file in Base64 format (example). So you can use an Ajax / HTTP client to download the binary data with an authorization header, convert it to a Base64 string, then embed into PDF.
Edit: You can pass HTTP headers to the PDF.js getDocument function. So you can store the access token in Web Storage, then read it in the PDF viewer's page:
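    // url is the protected PDF; the storage key name is a hypothetical placeholder
    var url = "https://app./pdf/{id}";
    var accessToken = sessionStorage.getItem("access_token");
    var withCredentials = false; // true only if cookies must also be sent cross-origin

    var loadingTask = pdfjsLib.getDocument({
      url: url,
      withCredentials: withCredentials,
      httpHeaders: {
        // the question asks for an authorization header; Bearer scheme is assumed
        Authorization: "Bearer " + accessToken,
      },
    });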
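One way to apply the httpHeaders approach from the answer, as an added example that is not part of the original post or of PDF.js: it resolves the viewer's file parameter, attaches the token only when the target is an assumed own-origin HTTPS API, and returns the object to pass to pdfjsLib.getDocument. ALLOWED_ORIGIN (a constructed placeholder), resolveFileParam, buildPdfSource and the storage key are hypothetical names.

```javascript
// Added example: build the PDF.js getDocument() source for a protected PDF.
// ALLOWED_ORIGIN and the function names are assumptions, not PDF.js APIs.
const ALLOWED_ORIGIN = "https://app.example"; // constructed placeholder origin

function resolveFileParam(viewerUrl) {
  const viewer = new URL(viewerUrl);
  const file = viewer.searchParams.get("file");
  if (!file) throw new Error("missing file parameter");
  // Relative values such as /pdf/123 resolve against the viewer page.
  return new URL(file, viewer);
}

function buildPdfSource(viewerUrl, accessToken) {
  const target = resolveFileParam(viewerUrl);
  // Attach the token only to our own API over HTTPS, never to an
  // arbitrary URL supplied through the query string.
  if (target.protocol !== "https:" || target.origin !== ALLOWED_ORIGIN) {
    throw new Error("refusing to send token to " + target.origin);
  }
  // Printable ASCII without spaces: rejects empty values and CR/LF.
  if (typeof accessToken !== "string" || !/^[\x21-\x7e]+$/.test(accessToken)) {
    throw new Error("access token missing or malformed");
  }
  // The token travels in the Authorization header, so it must not also
  // appear in the URL (URLs end up in history, logs and Referer headers).
  for (const key of target.searchParams.keys()) {
    if (/token|authorization/i.test(key)) {
      throw new Error("credential in query string: " + key);
    }
  }
  return {
    url: target.href,
    withCredentials: false, // bearer token only; no cookies sent
    httpHeaders: { Authorization: "Bearer " + accessToken },
  };
}

// In the viewer page (pdfjsLib loaded, token kept in Web Storage under a
// hypothetical key):
//   const src = buildPdfSource(location.href,
//                              sessionStorage.getItem("access_token"));
//   pdfjsLib.getDocument(src).promise.then((pdf) => { /* render */ });
```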