Picasa API是否允许CORS帖子？ [英] Does Picasa api allow CORS Post?

问题描述

Picasa api允许跨网域GET请求。但是当我尝试张贴图片/评论时，发现以下错误。

Picasa api allows cross domain GET requests. But when I tried posting an image/comment, I got the following error.

XMLHttpRequest无法加载 https： /picasaweb.google.com/data/feed/api/user/default/albumid/5825390619150171601?access_token=ya29.AHES6ZSR2XSlImdSJxNBVczzfz4DPoW3vRvywTNg8ELNs6OStqSBbTM 。原始'http：// localhost'不允许由Access-Control-Allow-Origin。

XMLHttpRequest cannot load https://picasaweb.google.com/data/feed/api/user/default/albumid/5825390619150171601?access_token=ya29.AHES6ZSR2XSlImdSJxNBVczzfz4DPoW3vRvywTNg8ELNs6OStqSBbTM. Origin 'http://localhost' is not allowed by Access-Control-Allow-Origin.

var url = 'https://picasaweb.google.com/data/feed/api/user/default/albumid/' + albumId + '?access_token=' + myToken;

     $.ajax({
          url: url,
          data: f /*image file object*/,
          contentType: f.type,
          processData: false,
          type: "POST",
          success:function(data){
            successCallback(data);
           },
          error:function(data){
            failureCallback(data);
           }
       });

ps：这是链接到类似的stackoverflow讨论。

p.s : Here's a link to a similar stackoverflow discussion.

推荐答案

回答这个。有一些事情是很好知道在哪里...

To bad nobody answered this before. There are a few things that are good to know where...

Access-Control-Allow-Origin头必须包括在服务器响应中，并设置为您的域名或*

Access-Control-Allow-Origin header has to be included in the server response and set to either your domain name or *

当您通过Access-Control-Allow-Origin标头将Picasa的公开相册设置为*

When you get public albums from Picasa via the Access-Control-Allow-Origin header is set to *

但是，当您访问需要身份验证的功能（如上面所述）时，Access-Control-Allow-Origin会以* .google.com

But when you access features that requires authentication like the one above the header Access-Control-Allow-Origin comes back as *.google.com

这是为了防止人们建立一个使用Google免费存储后端的Picasa网站，但实际上是Picasa网站的竞争对手。

My theory on this is to prevent people to build a Picasa site that uses Google free storage back end but in fact is a competitor to the Picasa site it self.

最后一个其中重要的是，你永远不应该发送安全令牌作为查询字符串！即使你使用https / ssl的url它自己没有加密，有人可以嗅探网络流量，窃取安全令牌。我甚至不确定Picasa是否会接受它。您应该这样做：

One final and where important note is that you should never ever send a security token as a query string! Even if you use https/ssl the url it self isn't encrypted and someone can sniff the network traffic and steal the security token. Im not even sure if Picasa will accept it. You should do it like this:

 var url = 'https://picasaweb.google.com/data/feed/api/user/default/albumid/' + albumId;
 $.ajax({
      url: url,
      data: f /*image file object*/,
      contentType: f.type,
      processData: false,
      type: "POST",
      beforeSend: function(xhr) {
        xhr.setRequestHeader("Authorization", "Bearer " + myToken);
      },
      success:function(data){
        successCallback(data);
       },
      error:function(data){
        failureCallback(data);
       }
   });

这篇关于Picasa API是否允许CORS帖子？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！