上载到YouTube API时缺少“访问控制允许来源” [英] ‘Access-Control-Allow-Origin’ missing when uploading to YouTube API
问题描述
多年来,我们已经成功使用一些自定义JavaScript代码通过YouTube API上传了视频。该代码基于Google(cors_upload.js)提供的一些示例。
For several years we have successfully been uploading videos via the YouTube API using some custom JavaScript code. The code was based on some samples provided by Google (cors_upload.js). It's not something we use a lot, just every couple of weeks.
几个星期前一切正常,但这并不是我经常使用的东西。但是,引起我注意的是最近事情停止了工作。我们登录良好,我们获得了渠道信息。但是,当我们开始上传(通过XHR POST发生)时,我们会收到CORS错误:
Things were working fine a couple weeks ago, but it has come to my attention that things recently stopped working. We login fine, we obtain the channel info fine. But when we start the upload (which happens via XHR POST), we are getting a CORS error:
跨域请求被阻止:同源政策禁止读取 https上的远程资源。 ://www.googleapis.com/upload/youtube/v3/videos?part = snippet%2Cstatus& uploadType = resumable 。 (原因:CORS标头 Access-Control-Allow-Origin缺失)。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.googleapis.com/upload/youtube/v3/videos?part=snippet%2Cstatus&uploadType=resumable. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
但是我们在代码中没有做任何更改或在我们的服务器上,似乎我们正在按照Google的说明进行所有必要的工作,以使他们的服务以所需的CORS标头响应。
But we haven't changed anything in our code or on our server and it appears as if we are doing all the things necessary as documented by Google to have their service respond with the required CORS headers.
根据开发人员在控制台中,XHR请求实际上会生成2个网络请求。首先,我看到一个选项:
According to the dev console, the XHR request actually generates 2 network requests. First I see an "OPTIONS":
Request URL:https://www.googleapis.com/upload/youtube/v3/videos?part=snippet%2Cstatus&uploadType=resumable
Request Method:OPTIONS
Remote Address:172.217.9.42:443
这实际上确实返回了我期望的 access-control-allow-origin标头。但是,紧随其后的是 POST请求:
This actually DOES return the "access-control-allow-origin" header that I expect. However, this is immediately followed by the "POST" request:
Request URL:https://www.googleapis.com/upload/youtube/v3/videos?part=snippet%2Cstatus&uploadType=resumable
Request Method:POST
Remote Address:172.217.9.42:443
根据开发控制台,它没有设置 access-control-allow-origin标头。因此,我了解为什么我的浏览器会拒绝某些东西。
And according to the dev console, it does NOT have the "access-control-allow-origin" header set. So, I understand why my browser is rejecting things. It just seems like Google broke something.
我确实在我们管理的服务器上成功部署了NodeJS CORS Anywhere服务器。因此,我可以使用它来解决此问题。但这确实不是解决问题的正确方法。由于以编程方式上传视频不是我们要做的事情,因此这项工作对我们来说可能就足够了。我很想了解出了什么问题或如何解决。因此,如果有人成功使用YouTube API和JavaScript上传了视频,那么我很想听听。希望这将有助于教育其他人是否/在遇到问题时。
I did successfully deploy a NodeJS "CORS Anywhere" server on a server we manage. So, I can use that to work around the issue. But that really isn't the correct solution to the problem. Since uploading videos programmatically isn't something we do a ton, this work around will probably be sufficient for us. I would love to understand what went wrong or how to fix. So, if someone is successfully uploading videos with the YouTube API and JavaScript, I would love to hear about it. Hopefully this will help educate others if/when they run into the issue.
推荐答案
我的服务刚刚开始发生相同的问题。
The same problem just started to happen with my services.
这似乎是googleapis上的错误,或者youtube.v3.apis更改了政策并开始阻止某些客户端。
It seems to be a bug on googleapis or maybe youtube.v3.apis had a policy change and started to block some clients.
这篇关于上载到YouTube API时缺少“访问控制允许来源”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
