0

I have an api where you need to have a valid json web token to upload an image:

For example, I make a post (with the Authorization header to this url) to upload a photo: http://localhost:3000/api/account/events/54f9b55254fb9f32306a26dd/sponsors/54fdb4212f67981b1f6a8665/logo

If I want to fetch an image I'll do a GET request to the same url, however, this won't work when using JWT because I can't send an Authorization header when fetching an image.

Is there a solution? The image cannot be made public until the user authorises it.

Flukey
  • 6,445
  • 3
  • 46
  • 71

1 Answers1

1

It is not clear why you can't send an Authorization header when making a GET request. Who is making that request? Do you want to load the image using an HTML image tag?

If so, you'll need to add authorization to your site and point the src attribute of that tag to an resource in your site that is protected by cookie auth. You can then have that resource implementation call your web API with the JWT token.

MvdD
  • 22,082
  • 8
  • 65
  • 93