前言

项目渗透性测试报出问题：请求url后面不允许带上token，解决方案是将token放在请求头的Authorization中

问题

问题：原先下载资源的方式是window.location.url = url 浏览器完成下载，发现document请求无法设置请求头
解决：重写下载

function downloadFile (url,fileName) {//fileName必须要
    var xhr = new XMLHttpRequest();
    xhr.open('GET',url,true);
    xhr.setRequestHeader('Authorization',window.sessionStorage.getItem('token'));
    xhr.responseType = 'blob';
    xhr.onload = function (e) {
        if(this.status == 200) {
            var blob = new Blob([this.response],{type:'text/plain;charset=utf-8'});
            if('download' in document.createElement('a')){//非IE下载
            	var url = window.URL.createObjectURL(blob);
	            var a = document.createElement('a');
	            a.href = url;
	            a.download = fileName;
	            a.click();
	            window.URL.revokeObjectURL(url)
	          }else{//IE10+下载
        		navigator.msSaveBlob(blob,fileName)
        		}
        }
    }
}