I need an HTML page to access Google Drive files with XMLHttpRequest (XHR) in Javascript without authentication (so my users do not need to log in or have a Google account). These files have the permission of "Any with link." Since these files are open to the world (with a link), I donβt understand why it would be a problem to allow Cross-origin (CORS) resource sharing for them.
downloadUrl requires authentication, so I think this is not a viable option. I also looked at webViewLink , which I believe requires the files to be "publicly accessible on the Internet" - I think, in search engines, etc. For me, this is also not a viable option. I need the permission "Anyone with link" for these files. The most promising link is webContentLink , which according to http://googleappsdeveloper.blogspot.se/2012/08/5-things-you-didnt-know-you-could-do.html allows public and unauthorized access.
The problem with webContentLink is that it is not like CORS. My attempts with XHR in Chrome fail (quite quietly). I do not add headings.
My attempts with curl using --header "Origin: http://www.hello.se" and both with --header "Access-Control-Request-Method: GET" and without it lead to HTTP/1.1 302 Moved Temporarily to a short-lived content URL. The problem is that the redirect response does not have the Access-Control-Allow-Origin header that is required to enable CORS.
Is there anything I can do differently to make this work?
Otherwise, the Google SDK team, can you make webContentLink CORS for public files (which do not require cookie authentication), please?
source share