1. 技术文章
  2. Does Picasa api allow CORS Post?

Does Picasa api allow CORS Post?

别说谁变了你拦得住时间么 提交于 2019-12-02 00:29:28

问题


Picasa api allows cross domain GET requests. But when I tried posting an image/comment, I got the following error.

XMLHttpRequest cannot load https://picasaweb.google.com/data/feed/api/user/default/albumid/5825390619150171601?access_token=ya29.AHES6ZSR2XSlImdSJxNBVczzfz4DPoW3vRvywTNg8ELNs6OStqSBbTM. Origin 'http://localhost' is not allowed by Access-Control-Allow-Origin.

var url = 'https://picasaweb.google.com/data/feed/api/user/default/albumid/' + albumId + '?access_token=' + myToken;

     $.ajax({
          url: url,
          data: f /*image file object*/,
          contentType: f.type,
          processData: false,
          type: "POST",
          success:function(data){
            successCallback(data);
           },
          error:function(data){
            failureCallback(data);
           }
       });

p.s : Here's a link to a similar stackoverflow discussion.


回答1:


To bad nobody answered this before. There are a few things that are good to know where...

Access-Control-Allow-Origin header has to be included in the server response and set to either your domain name or *

When you get public albums from Picasa via the Access-Control-Allow-Origin header is set to *

But when you access features that requires authentication like the one above the header Access-Control-Allow-Origin comes back as *.google.com

My theory on this is to prevent people to build a Picasa site that uses Google free storage back end but in fact is a competitor to the Picasa site it self.

One final and where important note is that you should never ever send a security token as a query string! Even if you use https/ssl the url it self isn't encrypted and someone can sniff the network traffic and steal the security token. Im not even sure if Picasa will accept it. You should do it like this:

 var url = 'https://picasaweb.google.com/data/feed/api/user/default/albumid/' + albumId;
 $.ajax({
      url: url,
      data: f /*image file object*/,
      contentType: f.type,
      processData: false,
      type: "POST",
      beforeSend: function(xhr) {
        xhr.setRequestHeader("Authorization", "Bearer " + myToken);
      },
      success:function(data){
        successCallback(data);
       },
      error:function(data){
        failureCallback(data);
       }
   });


来源:https://stackoverflow.com/questions/14154817/does-picasa-api-allow-cors-post

标签
cors
picasa
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!