When you use $window.location.href
the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization
with your token value.
You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.