当您使用 $window.location.href 时，浏览器发出的是 HTTP 请求，而不是您的 JavaScript 代码.因此，您不能使用令牌值添加像 Authorization 这样的自定义标头.

When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value.

您可以通过 JavaScript 添加一个 cookie 并将您的身份验证令牌放在那里.cookie 将自动从浏览器发送.但是，您需要查看使用 cookie 与标头的安全隐患.由于两者都可以通过 JavaScript 访问，因此没有额外的攻击向量.除非您在新页面加载后移除 cookie，否则可能存在 CSRF 漏洞利用.

You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.