Google云端硬盘CORS [英] Google Drive CORS

问题描述

有没有理由Google云端硬盘不会对downloadUrl上提供的文件数据设置Access-Control-Allow-Origin：*。
我有兴趣使用ajax / CORS从Google云端硬盘下载二进制文件。
但是，实现这一点的唯一方法似乎是通过代理。

Is there a reason why Google Drive does not set Access-Control-Allow-Origin:* on the file data available at downloadUrl.
I am interested in downloading binary files from Google Drive using ajax/CORS.
However, the only way to achieve this seems to be through a proxy.

推荐答案

使用 Access-Control-Allow-Credentials：true

因为这将是一个巨大的安全漏洞。

With Access-Control-Allow-Credentials: true

Because it would be a huge security hole.

您访问过的任何网站都可以从您的Google云端硬盘抓取文件

Any website you visited would be able to grab files from your Google Drive if you were logged into Google.

您可以询问为什么Access- Control-Allow-Origin标头必需？

这篇关于Google云端硬盘CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！