如何在未经身份验证的情况下通过XHR(CORS)访问公共Google Drive文件? [英] How can I access a public Google Drive file by XHR (CORS) without authentication?
问题描述
我需要一个HTML页面来使用Java脚本中的 XMLHttpRequest (XHR)访问Google云端硬盘文件而无需进行身份验证(因此,我的用户不必使用或登录一个Google帐户)。这些文件具有具有链接的任何人的权限。由于这些文件是面向全世界开放的(具有链接),所以我不明白为什么允许对它们进行跨域资源共享(CORS)是个问题。
I need a HTML page to access Google Drive files with XMLHttpRequest (XHR) in Javascript without authentication (so my users don't have to be signed in with or have a Google account). These files have permission "Anyone with link". Since these files are open for the world (having the link) I don't see why it would be a problem to allow Cross-origin resource sharing (CORS) for them.
downloadUrl 需要身份验证,因此我认为这不是一个可行的选择。我还看过 webViewLink ,我想它要求文件是网络上公开的文件-我猜是在搜索引擎中打开的。这对我来说也不可行。我需要这些文件的具有链接的任何人权限。最有前景的链接是 webContentLink ,根据 http://googleappsdeveloper.blogspot.se/2012/08/5-things-you-didnt-know-you-could-do.html 允许公开和未经授权的访问。
The downloadUrl requires authentication, so I guess that isn't a viable option. I have also looked at the webViewLink, which I guess requires the files to be "Public on the web" - turning up in search engines, etc, I guess. The is not a viable option for me either. I need the "Anyone with link" permission for these files. The most promising link is the webContentLink, which according to http://googleappsdeveloper.blogspot.se/2012/08/5-things-you-didnt-know-you-could-do.html allow public and unauthenticated access.
webContentLink 的问题在于它似乎对CORS不友好。我在Chrome中使用XHR的尝试失败了(安静地退出)。我不添加任何标题。
The problem I have with webContentLink is that it doesn't seem to be CORS friendly. My attempts with XHR in Chrome fail (quite silently). I don't add any headers.
我尝试使用-header尝试以及带和不带 curl Origin:http://www.hello.se 的文件-标题 Access-Control-Request-Method:GET 导致 HTTP / 1.1 302临时移动重定向到短暂的内容URL。问题在于,重定向响应没有迹象表明 Access-Control-Allow-Origin 标头是启用CORS所必需的。
My attempts with curl using --header "Origin: http://www.hello.se" and both with and without --header "Access-Control-Request-Method: GET" results in a HTTP/1.1 302 Moved Temporarily redirect to a short-lived content URL. The problem is that the redirect response has no signs of an Access-Control-Allow-Origin header, which is needed to enable CORS.
有什么我可以做的不同的事情来使它起作用吗?
Is there anything I can do differently to get this to work?
否则,Google SDK团队,您可以使 webContentLink 对公共文件(不需要cookie身份验证)友好的CORS吗?
Otherwise Google SDK team, can you make make the webContentLink CORS friendly for public files (which don't need cookie authentication), please?
推荐答案
JSONP似乎是从客户端动态获取Google表格的唯一方法:
JSONP seems to be the only way to dynamically fetch google sheets from the client :
1)在Google云端硬盘中,在网络上发布文档&将共享选项设置为公共。
1) In Google Drive, Publish on the web the document & set sharing options to Public
2)使用JSON类型的链接以JSON格式导出数据,其外观如下: http://spreadsheets.google.com/feeds/list/YOUR_FILE_ID/od6/public / values?alt = json& callback = myCallback 。您需要附加& callback = myCallback才能使用JSONP。您可以使用jQuery进行JSONP调用。
2) Export your data in JSON format with a JSON type link, it will look like : "http://spreadsheets.google.com/feeds/list/YOUR_FILE_ID/od6/public/values?alt=json&callback=myCallback". You need to append &callback=myCallback to use JSONP. You can use jQuery to make your JSONP call.
3)定义一个window.myCallback JS函数以使用数据
3) Define a window.myCallback JS function to use the data
这篇关于如何在未经身份验证的情况下通过XHR(CORS)访问公共Google Drive文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
