Google Drive和CORS跨域请求 [英] Google Drive and CORS Cross Domain Requests
问题描述
使用XMLHttpRequest的简单'GET'在Chrome和Firefox中运行良好,因为它支持请求标头,它允许浏览器请求CORS响应,如下所示代码行:
var xhr = new XMLHttpRequest();
xhr.open('GET',file.downloadUrl);
xhr.setRequestHeader('Authorization','Bearer'+ accessToken);
xhr.onload = function(){
callback(xhr.responseText);
};
xhr.send();
IE不支持请求标头,据说是出于安全原因。由于没有能力在这个不幸流行的浏览器中下载内容,我完全被困住了。
我的问题是这样的 - 世界上这些其他应用程序是如何处理这个问题的?他们是否使用某种服务器端代理,并通过自己的后端汇集所有驱动器请求?这一点似乎相当艰巨。或者,有没有办法在启动时访问驱动器文件,我不知道?
我看到一些解决方案需要在两台服务器上都有文件,就我所知,这不是一个选项。 Google Drive是否能够在没有请求标题的情况下使用CORS进行响应,或者是否有另一个我不知道的API支持从Drive域中的iframe进行某种回调?
在这一点上,我几乎死在水中。任何提示将非常感谢。抱歉,不得不提出与MS产品有关的任何问题。 解决方案
如果问题出在IE不允许添加或者不传递 Authorization 头,你可以尝试使用具有相同行为的 access_token URL参数传递访问令牌作为 Authorization 头:
var xhr = new XMLHttpRequest();
xhr.open('GET',file.downloadUrl +'& access_token ='+ accessToken);
xhr.onload = function(){
callback(xhr.responseText);
};
xhr.send();
I have been wracking my brain trying to figure out how to download a file from Drive in Internet Explorer. It seems that Cross Domain security concerns are preventing this.
A simple 'GET' using XMLHttpRequest works fine in Chrome and Firefox, because it supports request headers, which allow the browser to request a CORS response, as shown in the following lines of code:
var xhr = new XMLHttpRequest();
xhr.open('GET', file.downloadUrl);
xhr.setRequestHeader('Authorization', 'Bearer ' + accessToken);
xhr.onload = function() {
callback(xhr.responseText);
};
xhr.send();
IE does not support the request headers, purportedly for security reasons. With no ability to download content in this unfortunately popular browser, I am completely stuck.
My question is this - how in the world are these other applications dealing with this issue? Are they using a server side proxy of some sort, and funneling all drive requests through their own back end? That seems rather arduous at this point. Or, is there some way to access the drive file upon launch, that I am not aware of?
I have seen some solutions that require files on both servers, which are not an option as far as I am aware. Does Google Drive have the ability to respond with CORS without the request header, or is there another API that I am not aware of that supports some sort of callback from an iframe within the Drive domain?
I am pretty much dead in the water at this point. Any tips would be greatly appreciated. Sorry to have to ask any questions having to do with MS products.
If the issue is with IE not allowing you to add or not passing the Authorization header, you could try passing the Access Token using the access_token URL parameter which has the same behavior as the Authorization header:
var xhr = new XMLHttpRequest();
xhr.open('GET', file.downloadUrl + '&access_token=' + accessToken);
xhr.onload = function() {
callback(xhr.responseText);
};
xhr.send();
这篇关于Google Drive和CORS跨域请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
