In more recent browsers, you might be able to use blobs:

在更新的浏览器中，您或许可以使用 blob：

<!DOCTYPE html>
<html>
<head>
</head>
<body>
<button onclick="tryit();">PDF</button>
<script>
    function tryit() {
        var win = window.open('_blank');
        downloadFile('/pdf', function(blob) {
            var url = URL.createObjectURL(blob);
            win.location = url;
        });
    }
    function downloadFile(url, success) {
        var xhr = new XMLHttpRequest();
        xhr.open('GET', url, true);
        xhr.setRequestHeader("Authorization", "Basic " + btoa("username:password"));
        xhr.responseType = "blob";
        xhr.onreadystatechange = function() {
            if (xhr.readyState == 4) {
                if (success) success(xhr.response);
            }
        };
        xhr.send(null);
    }

</script>
</body>
</html>

In IE, ask the user:

在 IE 中，询问用户：

window.navigator.msSaveOrOpenBlob(blob, 'readme.pdf');

P.S. You can test the backend in Node:

PS 你可以在 Node 中测试后端：

router.get('/pdf', function(req, res) {
  if(req.headers.authorization !== 'Basic dXNlcm5hbWU6cGFzc3dvcmQ=') return res.status(403).send('Not allowed');
  res.sendFile(path.join(__dirname, 'public', 'render.pdf'));
});
router.get('/', function(req, res) {
  res.render('index');
});

I think this is what you are looking for... Or correct me if i am wrong.

我想这就是你要找的东西……如果我错了，请纠正我。

https://developer.mozilla.org/en/docs/Setting_HTTP_request_headers

https://developer.mozilla.org/en/docs/Setting_HTTP_request_headers

If you don't care about hiding or obfuscating the user credentials then just use plain GET authentification: use http://username:[email protected]/instead of http://MyApi.com/

如果您不关心隐藏或混淆用户凭据，则只需使用普通的 GET 身份验证：使用http://username:[email protected]/而不是http://MyApi.com/

Does it have to be a GET?

它必须是 GET 吗？

The reason I am asking is that you could just have a POST form (to a target="_BLANK") that posts whatever but shows an embedded file in a new window. Of course this wouldn't solve the issue with your custom headers, but then since you can also POST using jquery.ajax - which does allow you to set your own headers - you'd have the best of both worlds.

我问的原因是你可以有一个 POST 表单（到目标 =“_BLANK”），它可以发布任何内容，但在新窗口中显示嵌入的文件。当然，这不会解决您的自定义标头的问题，但是由于您也可以使用 jquery.ajax 进行 POST - 这确实允许您设置自己的标头 - 您将拥有两全其美的优势。

Here's a jQuery pluginthat creates such a form dynamically in order to download whichever file. You could use this as a reference...

这是一个jQuery 插件，它动态创建这样的表单以下载任何文件。你可以把它作为参考...

Hope this helps

希望这可以帮助

You should configure $.ajaxusing beforeSend. Below an example, but of course I don't know if the exact setup will work for you without any code to look at.

您应该$.ajax使用beforeSend. 下面是一个示例，但当然我不知道确切的设置是否适合您，而无需查看任何代码。

$.ajax( {
    url : '/model/user.json',
    dataType : 'json',
    'beforeSend' : function(xhr) {
            var bytes = Crypto.charenc.Binary.stringToBytes(username + ":" + password);
            var base64 = Crypto.util.bytesToBase64(bytes);
            xhr.setRequestHeader("Authorization", "Basic " + base64);
    },
    error : function(xhr, ajaxOptions, thrownError) {
        reset();
        onError('Invalid username or password. Please try again.');
        $('#loginform #user_login').focus();
    },
    success : function(model) {
        cookies();
            ...
    }
});

For this to work you need crypto-js.

为此，您需要crypto-js。