13

Can someone help me settle an argument with a coworker?

So let's say there is a REST interface that returns a PDF representation of an resource...but it requires the authorization header in order to authorize that you have access to the document in question.

And let's say there is a link on the page that redirects to this endpoint to serve up the document. He thinks you can add a header to the HTTP request that goes out when you click on the link (a regular old anchor tag) with onclick without making an xhr call.

I told him that you would have to use an xhr call to add headers, and that even then you would receive a byte stream back, which without using a blob and an object url or a data uri you wouldn't be able to display it in a new tab or start a download.

Regardless he went on to tell me I was wrong. The next day he said he had done it. I asked him to show me, and he said "oh it's at home", and then proceeded to ridicule me in front of my architect. He always pulls this one up's man ship bullshit and I hate it. And I am pretty sure he's wrong.

Comments
  • 1
    He's an ass.
  • 4
    Give him the age old ultimatum: pics or it didn't happen.
  • 0
    I think its possible if you proxy the href to point to an intermediate script on the server.

    The proxy script can then inject the auth header and pass the request onto the PDF endpoint.
  • 0
    @kunashe I thought of that too...but how would the proxy know who you are? Especially if we are sessionless like REST constraints call for?
  • 1
    @deusprogrammer is it not possible to send the data you planned to put in the xhr as parameters in the uri to the proxy?
  • 0
    It's an anchor tag though.
  • 0
    yes it is possible.
    you can "build" your PDF file in the client, from the Rest response, therefore you don't have any cross origin issues or something alike.
  • 5
    Finally he got it and told me I was right. I think I will have a beer.
  • 0
    These are times you leave them to themselves and ask them to thank you later :p
  • 0
    So....
Add Comment