Recently i had to make an HTTP call from the browser (client-side) using JavaScript / AngularJS to a REST API (server-side) and retrieve data. Since the authentication mechanism of the API required a security token to be passed over with the request, i studied AngularJS specs on how to do it best. Basically, there are two ways to do it, either as a:
- query parameter, or
- custom HTTP header
Because i didn’t wanted the security token to appear anywhere in the logs or debugging console (like on the picture below, in case of making use of option 1 just mentioned, ie. query parameter), i decided on passing the token as a custom (there’s no standard header for passing tokens) HTTP header.
Since i use Yeoman (app workflow/scaffolding tool) i noticed that through a standard angular-template used for generating an application scaffolding, you’re getting dependency on angular framework in version 1.0.7 (last stable version as of writing this post). Although this is what you would generally expect (stable version, not a snapshot), the problem is that angular documentation for $resource service (which is what i prefer to use over $http service), does not mention the possibility of sending HTTP headers (regarding $http – i think of it as a solution for rather “general purpose AJAX calls”).
One way to set HTTP headers is by accessing $httpProvider.defaults.headers configuration object, like this:
$httpProvider.defaults.headers.get['API-Token'] = 'vy4eUCqpQmGoeWsnHKwCQw'
(more documentation about that you’ll find here), but this way you’re modifying $httpProvider globally which may not be what you exactly want.
Google search came with help and i found issue 736, which acknowledges that “$resource should support custom http headers”, but it is with the (unstable) release 1.1.3 where this feature is supported for sure (maybe earlier “unstable” versions do support it too, haven’t checked that actually, but definitely none of the stable versions do, as of today).
So, what is it that you have to do in order to introduce an unstable version of AngularJS into your project managed by Bower?
bower install angular-unstable bower install angular-resource-unstable
(dependency on angular-resource.js is required in order for it to work).
Now, the only other thing left to do is to update your index.html file accordingly (to make use of proper version of libraries) :
<script src="bower_components/angular-unstable/angular.js"></script> <script src="bower_components/angular-resource-unstable/angular-resource.js"></script>
…and you can start adding custom HTTP headers in your code:
angular.module('usersService', ['ngResource'])
.factory('User', function($resource, api-token) {
var User = $resource('http://api.test.com\\:8080/1.0/users', { }, {
query: {
method: 'GET',
isArray: true,
headers: { 'API-Token': api-token }
}
});
return User
});
Hope this short post will save some of your time 🙂 Cheers!
Resources:
- AngularJS documentation of $resource (http://docs.angularjs.org/api/ngResource.$resource)
- AngularJS documentation of $http (http://docs.angularjs.org/api/ng.$http)
- AngularJS Issue 736 “$resource should support custom http headers” (https://github.com/angular/angular.js/issues/736)
mariuszprzydatek.com 