当您使用 $ window.location.href 浏览器正在HTTP请求，而不是你的JavaScript code。因此，你不能添加自定义标题如授权与令牌值。

When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value.

您可以通过JavaScript添加一个cookie，并把你的身份验证令牌那里。该饼干将自动从浏览器发送。不过，你会想审查使用Cookie与一个头的安全隐患。由于这两种通过JavaScript是可访问的，没有额外的攻击媒介那里。除非您在新的页面加载后删除的cookie，有可能是一个CSRF攻击提供。

You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.