I have a MEAN stack application that uses JWT for authentication. I use Satellizer (an Angular module) to implement the JWT authentication flow. It sends the Authorization header with the bearer token whenever requests are made through the app.
My problem is when a request to a restricted url, lets say /dashboard is made through the address bar, the browser does not send an authorization header, thus blocking the request.
So what should I do to make the browser send the authorization header when making requests to restricted urls?
If the user directly enters an address in the bar I'm afraid you can not do anything except redirect to the error form. The browser will not send specific headers
But if you are building the links that the user clicks, then you can add the JWT token in the URL link itself
/dashboard?jwt=. In the server you will have to take into account this case of authenticationBe careful in this case, the browser could cache the URL and write it in some log. If the JWT is signed and not encrypted it could leak sensitive information if an attacker has read-access to the log files. Also it could be possible a session hijacking attack.