Google Drive and CORS Cross Domain Requests

Question

I have been wracking my brain trying to figure out how to download a file from Drive in Internet Explorer. It seems that Cross Domain security concerns are preventing this.

A simple 'GET' using XMLHttpRequest works fine in Chrome and Firefox, because it supports request headers, which allow the browser to request a CORS response, as shown in the following lines of code:

   var xhr = new XMLHttpRequest();
   xhr.open('GET', file.downloadUrl);
   xhr.setRequestHeader('Authorization', 'Bearer ' + accessToken);
   xhr.onload = function() {
      callback(xhr.responseText);
   };
   xhr.send();

IE does not support the request headers, purportedly for security reasons. With no ability to download content in this unfortunately popular browser, I am completely stuck.

My question is this - how in the world are these other applications dealing with this issue? Are they using a server side proxy of some sort, and funneling all drive requests through their own back end? That seems rather arduous at this point. Or, is there some way to access the drive file upon launch, that I am not aware of?

I have seen some solutions that require files on both servers, which are not an option as far as I am aware. Does Google Drive have the ability to respond with CORS without the request header, or is there another API that I am not aware of that supports some sort of callback from an iframe within the Drive domain?

I am pretty much dead in the water at this point. Any tips would be greatly appreciated. Sorry to have to ask any questions having to do with MS products.

Answer 1

If the issue is with IE not allowing you to add or not passing the Authorization header, you could try passing the Access Token using the access_token URL parameter which has the same behavior as the Authorization header:

var xhr = new XMLHttpRequest();
xhr.open('GET', file.downloadUrl + '&access_token=' + accessToken);
xhr.onload = function() {
   callback(xhr.responseText);
};
xhr.send();