Manage authentication when downloading files

[ebrehault]

Our Plone pages will contain links to downloadable files. JWT is based on HTTP headers. It works fine with AJAX calls, but we are not able to set the needed header when the user clicks on a link to download a file.

I can see 2 possible solutions:

• Backend: we implement an endpoint able to generate a dynamic url that will contain work only once, and this it the link the user will click.
• ServiceWorker: a ServiceWorker works like a local proxy in the browser. It is able to catch any HTTP call. I guess we can use it to add the JWT header to the file GET request.

I like the second approach, but it makes HTTPS mandatory (which is ok, I think). @bloodbare what do you think?

[bloodbare]

I also like the second approach, maybe we will need also the first approach or an angular2 view that encapsulates the download to enable sending links to files that are downloadable.