我目前正在构建ASP.NET Web应用程序以简化Google协作平台,页面,Google协作平台上的小工具和Google协作平台的ACL的配置。CORS对Google协作平台Feed/API的身份验证请求被屏蔽
我遇到了许多开发人员已经遇到的问题:跨源资源。根据谷歌关于CORS对Google API请求的文档,您只需使用XMLHttpRequest(或AJAX)请求,在标头中提供您的访问令牌。更多信息可以在这里找到:
https://developers.google.com/api-client-library/javascript/features/cors
我已经完全能够做到这一点,当我从我在谷歌网站域内访问谷歌网站的API,注入AJAX请求,同时我的浏览器窗口的位置在域内。一个成功请求的示例,使一个新的网站从我的域内:
$.ajax(
{
////// REQUEST \\\\\\
type: "POST",
url: "https://sites.google.com/feeds/site/[domainName]",
contentType: "application/atom+xml",
headers: {
"Authorization": "Bearer " + [accessToken],
"GData-Version": "1.4"
},
data: ["<entry xmlns='http://www.w3.org/2005/Atom' xmlns:sites='http://schemas.google.com/sites/2008'>",
"<title>What a site</title>",
"<summary>Best description ever.</summary>",
"<sites:theme>ski</sites:theme>",
"</entry>"].join(""),
////// LOGGING \\\\\\
beforeSend: function() {
console.log('-------Making-the-request-------');
},
success: function (result) {
console.log(result);
},
error: function (xhr, ajaxOptions, thrownError) {
console.log(thrownError);
console.log(xhr.status);
}
});
(在以下几种情况下,我在写https://开头为[HTTPS]由于我的帐户仍被限制在2链接在一个职位)。
在这一点上一切都很好,我以为我有一切设置为使用代码到我的ASP.NET网站。唉,事情并不总是按计划进行。当我从我的应用程序中执行完全相同的AJAX调用(现在仍托管在[HTTPS]本地主机:44301),我收到以下错误:
XMLHttpRequest cannot load [https]sites.google.com/feeds/site/[censored] Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '[https]localhost:44301' is therefore not allowed access. The response had HTTP status code 405.
通常CORS错误。然而,我很惊讶,因为向Google API提出请求的建议方式正是如此。我还发现了一篇文章关于使用CORS与谷歌云API:
https://cloud.google.com/storage/docs/cross-origin
在它规定的文章:
Most clients (such as browsers) use the XMLHttpRequest object to make a cross-domain request. XMLHttpRequest takes care of all the work of inserting the right headers and handling the CORS interaction with the server. This means you don't add any new code to take advantage of CORS support, it will simply work as expected for Google Cloud Storage buckets configured for CORS.
当然,这并不是谷歌协作平台API,但我发现很难相信Google在其所有API中都没有实现相同的功能。
有谁知道是否有可能从独立的ASP.NET应用程序中实现这样的成功请求?如果是这样,怎么样?
非常感谢花时间阅读我的艰辛。
UPDATE:
我已经联系谷歌Apps支持关于我的问题,并且已经得到了如下回应:
In addition to the information you provided, I also reviewed your post at CORS authenticated requests to Google Sites feed/API blocked . The note at https://developers.google.com/google-apps/sites/docs/1.0/developers_guide_java#SiteFeedPOST only reinforces the statement under 'Can I create a new Google Site?' and 'How do I copy a site?' at https://developers.google.com/google-apps/sites/faq#Getting__Started , which states 'Google Apps users can use the site feed to ...' However, I don't see why this is relevant to your issue, if you've authorised against your domain administrator account, as the note is only indicating that gmail.com users won't be able to use the listed methods to create, or copy a site.
I haven't used CORS, so can't comment on it's operation, but have been able to successfully list, and create sites using HTTP GET and POST requests via a raw HTTP client, so the API is operating as it should with regard to cross domain requests. I used the sample XML document at https://developers.google.com/google-apps/sites/docs/1.0/developers_guide_protocol#SitesFeedPOST to create my site, configuring the client with credentials for my Developer console project. The fact that the request only fails in your ASP.NET site implies that there is something in that environment which isn't configured correctly. Unfortunately that's outside my scope of support, so I'm unable to provide any specific advice, other than to check the relevant documentation, or post a request in the ASP.NET section of Stack Overflow at https://stackoverflow.com/questions/tagged/asp.net .
您可以使用JSONP做到这一点 –