Downloading protected assets

I have an ember app using http header for authentication. The backend is a rails app. There is an Index action able to answer in json for ember, and in CSV to generate a file. Of course the action expect the query to have a valid token in the header.

rails controller :

        respond_to do |format|
          format.json {json_response @custormer_info_requests.page(@page).per(@size)}
          format.csv {send_data @custormer_info_requests.to_csv, filename: "demandes.csv"}
        end

The link to the CSV in hbs:

<a href='/marketadmin_api/v1/customer_info_requests.csv?partner_id={{partner.id}}'>
  Télécharger
</a>

Is there a way to add auth data to the header and make the browser download the file?

I don’t think there’s any way to add headers to a request made via href, I think you’d need to use a button instead of a link and handle the request in the action (you could put an action on an <a> tag also but this is discouraged for accessibility reasons iirc)

I aml struggling to download a file, here is my not working action that fails on assetURL :

downloadProtectedFile(){
      let{partner}=this
      var req = new XMLHttpRequest();
      var csv_url = window.assetURL(`/marketadmin_api/v1/customer_info_requests.csv?partner_id=#{partner.id}`);
      req.open("GET", csv_url, true);
      req.responseType = "blob";
      console.log(req);
    }

And it seems It will not using ember app auth. I am not sure what to do next

Are you using ember-simple-auth or some other authorization method?

Yes, I am, currently, I am going toward a fetch solution in a Service.

Ok so I don’t think ESA will automatically add authorization headers to any arbitrary request, in the README there’s an example of doing it manually:

this.get('session').authorize('authorizer:oauth2', (headerName, headerValue) => {
  const headers = {};
  headers[headerName] = headerValue;
  Ember.$.ajax('/secret-data', { headers });
});

and you can reference ESA’s DataAdapterMixin

Thanks for your help !

:+1: hope you can get it all working, good luck!