Picasa api allows cross domain GET requests. But when I tried posting an image/comment, I got the following error.
XMLHttpRequest cannot load
ht
To bad nobody answered this before. There are a few things that are good to know where...
Access-Control-Allow-Origin header has to be included in the server response and set to either your domain name or *
When you get public albums from Picasa via the Access-Control-Allow-Origin header is set to *
But when you access features that requires authentication like the one above the header Access-Control-Allow-Origin comes back as *.google.com
My theory on this is to prevent people to build a Picasa site that uses Google free storage back end but in fact is a competitor to the Picasa site it self.
One final and where important note is that you should never ever send a security token as a query string! Even if you use https/ssl the url it self isn't encrypted and someone can sniff the network traffic and steal the security token. Im not even sure if Picasa will accept it. You should do it like this:
var url = 'https://picasaweb.google.com/data/feed/api/user/default/albumid/' + albumId;
$.ajax({
url: url,
data: f /*image file object*/,
contentType: f.type,
processData: false,
type: "POST",
beforeSend: function(xhr) {
xhr.setRequestHeader("Authorization", "Bearer " + myToken);
},
success:function(data){
successCallback(data);
},
error:function(data){
failureCallback(data);
}
});