I have cms where I use laravel as web api, angularjs for requests. I have an iframe where I call a direct link service and put it in the usr trusted src function.
The main problem is that I cannot use a normal HTTP request and hide the parameters, because using an http request will return data, not a file, and the api report will be returned in the headers, html file, pdf ... etc. etc.), so when I get the result to the success of my HTTP request, it will not load the pdf file, it will show special characters
in the i-frame calling the api as follows: "Local / API / getreportService /" + $ scope.brandid + "&" + $ scope.customerid "
but this cannot be safe, is there a way to hide the request from users?
source
share