Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does this CORS request to a google Drive Sheet fail in Firefox ? (works in Chrome)

I'm trying to request a google sheet from the client in javascript, using jquery ajax.

The following code works in Chrome but fails in Firefox.

Question : how can I get it to work in Firefox?

If it's a server configuration issue then does this mean it's impossible to link to google drive documents from a firefox client?

Here is the code:

var url = 'http://docs.google.com/spreadsheets/export?id=1-on_GfmvaEcOk7HcWfKb8B6KFRv166RkLN2YmDEtDn4&exportFormat=csv';
$.ajax({
    url : url,
    type : 'GET',
    dataType : 'text',
    success : function(res, status){
        console.log('status : ' + status);
        console.log(res);
    },
    error : function(res, status, error){
        console.log('status : ' + status);
        console.log(res);
        console.log(error);
    }
});

In Chrome I get a 307 response then a 200 with the desired data. In Firefox I get a only a 200 response but with the error message something like "Access-Control-Allow-Origin header missing, Same Origin Policy does not allow to fetch this resource".

like image 830
Mister Fresh Avatar asked Oct 01 '15 22:10

Mister Fresh


2 Answers

The problem is that docs.google.com does not set CORS headers on redirects. And Chrome is not following the specification by not enforcing that and therefore has a security bug of sorts.

like image 78
Anne Avatar answered Sep 30 '22 18:09

Anne


docs.google.com is in Chrome's HSTS preload list. The request to http://docs.google.com is transparently rewritten to https://docs.google.com, so no redirect happens.

I assume this will resolve itself if Firefox pulls an updated copy of the HSTS preload list. As Anne notes, simply changing the link to https directly will solve your use case.

like image 38
Mike West Avatar answered Sep 30 '22 17:09

Mike West