Add JWT token to assets within an iFrame

So I am currently working on merging an old legacy system into a new system. The system loads a .HTML file in an iFrame using an API proxy.

http://{domain}/api/proxy/index.html?token={token}

That is secure and nailed down. The only issue is within the .HTML file none of the assets have the token. So when it tries to load an image it looks like this (without a token).

http://{domain}/api/proxy/thumbnail.jpg

My first answer was to append the token to all URLs within the .HTML file. This worked, however other assets might be loaded in via JavaScripts on the page. So say you have a script called “index.js” it might try and load a file into a div but then that image would not have the token so it return 401.

Is there anyway of intercepting each request between the iFrame and the endpoint to add the token to it?

I am using Laravel/PHP but it doesn’t really matter just as long as the solution is in PHP or JS.

Thanks.


Source: stackoverflow-php