Menu
Is there a reason why Google Drive does not set Access-Control-Allow-Origin:* on the file data available at downloadUrl.
I am interested in downloading binary files from Google Drive using ajax/CORS.
However, the only way to achieve this seems to be through a proxy.
333
I recently found that Google Drive does accept CORS requests if a valid access token is provided.
CORS will work in chrome. Just use chrome is safe-mode, i.e., use disable security settings. Google it about it, or you can even start from command line also.
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
Access-Control-Allow-Credentials: true
Because it would be a huge security hole.
Any website you visited would be able to grab files from your Google Drive if you were logged into Google.
Access-Control-Allow-Credentials: true or with Access-Control-Allow-Credentials: false
You could ask Why is the Access-Control-Allow-Origin header necessary at all?
87
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
