已阻止对 Google 站点 feed/API 的 CORS 身份验证请求

CORS authenticated requests to Google Sites feed/API blocked

我目前正在构建一个 ASP.NET 网络应用程序,以简化 Google 站点、页面、Google 站点上的小工具和 Google 站点的 ACL 的配置。

我遇到了许多开发人员已经遇到的问题:cross-origin 资源。根据 Google 对 Google API 的 CORS 请求的文档,您只需使用 XMLHttpRequest(或 AJAX)请求,在 header.可以在这里找到更多信息:

https://developers.google.com/api-client-library/javascript/features/cors

当我从我域内的 Google 站点访问 Google 站点 API 时,我已经完全能够完成此操作,注入 AJAX 请求而我的浏览器 window 的位置在域内。从我的域中创建新站点的成功请求示例:

$.ajax(
{
    ////// REQUEST \\\
    type: "POST",
    url: "https://sites.google.com/feeds/site/[domainName]",
    contentType: "application/atom+xml",
    headers: {
        "Authorization": "Bearer " + [accessToken],
        "GData-Version": "1.4"
    },
    data: ["<entry xmlns='http://www.w3.org/2005/Atom' xmlns:sites='http://schemas.google.com/sites/2008'>",
               "<title>What a site</title>",
               "<summary>Best description ever.</summary>",
               "<sites:theme>ski</sites:theme>",
           "</entry>"].join(""),

    ////// LOGGING \\\
    beforeSend: function () {
        console.log('-------Making-the-request-------');
    },
    success: function (result) {
        console.log(result);
    },
    error: function (xhr, ajaxOptions, thrownError) {
        console.log(thrownError);
        console.log(xhr.status);
    }
});

(在下面的几种情况下,我将 https:// 写成 [https],因为我的帐户仍然被限制为 post 中的 2 个链接)。

此时一切顺利,我以为我已经准备好将代码用于我的 ASP.NET 站点。 las,事情并不总是按计划进行。当我从我的应用程序中执行完全相同的 AJAX 调用时(现在仍然托管在 [https]localhost:44301 上),我收到以下错误:

XMLHttpRequest cannot load [https]sites.google.com/feeds/site/[censored] Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '[https]localhost:44301' is therefore not allowed access. The response had HTTP status code 405.

常见的 CORS 错误。不过我很惊讶,因为向 Google APIs 发出请求的建议方式正是这样。我还找到了一篇关于在 Google Cloud API:

中使用 CORS 的文章

https://cloud.google.com/storage/docs/cross-origin

文章中指出:

Most clients (such as browsers) use the XMLHttpRequest object to make a cross-domain request. XMLHttpRequest takes care of all the work of inserting the right headers and handling the CORS interaction with the server. This means you don't add any new code to take advantage of CORS support, it will simply work as expected for Google Cloud Storage buckets configured for CORS.

当然,这不是 Google 站点 API,但我很难相信 Google 没有在其所有 APIs.

有谁知道是否有可能在独立的 ASP.NET 应用程序中实现这样的成功请求?如果是,怎么做?

非常感谢您花时间阅读我的艰辛。

更新:

我已经就我的问题联系了 Google 应用程序支持,并得到了以下回复:

In addition to the information you provided, I also reviewed your post at . The note at https://developers.google.com/google-apps/sites/docs/1.0/developers_guide_java#SiteFeedPOST only reinforces the statement under 'Can I create a new Google Site?' and 'How do I copy a site?' at https://developers.google.com/google-apps/sites/faq#Getting__Started, which states 'Google Apps users can use the site feed to ...' However, I don't see why this is relevant to your issue, if you've authorised against your domain administrator account, as the note is only indicating that gmail.com users won't be able to use the listed methods to create, or copy a site.

I haven't used CORS, so can't comment on it's operation, but have been able to successfully list, and create sites using HTTP GET and POST requests via a raw HTTP client, so the API is operating as it should with regard to cross domain requests. I used the sample XML document at https://developers.google.com/google-apps/sites/docs/1.0/developers_guide_protocol#SitesFeedPOST to create my site, configuring the client with credentials for my Developer console project. The fact that the request only fails in your ASP.NET site implies that there is something in that environment which isn't configured correctly. Unfortunately that's outside my scope of support, so I'm unable to provide any specific advice, other than to check the relevant documentation, or post a request in the ASP.NET section of Stack Overflow at https://whosebug.com/questions/tagged/asp.net.

您可以删除 "GData-Version": "1.4" 后再试一次吗? 如果你真的想发送这个值,通过添加一个查询参数来发送,比如v=X.0。来自 here

的资源

更新:

"Note: This feature is only available to Google Apps domains." From guides

已解决

似乎许多浏览器仍会阻止跨不同域的 AJAX 请求,即使它已被您尝试访问的 API 允许。我现在没有使用 AJAX,而是在 DLL 中使用 C# WebRequest

示例:

// Create the request
WebRequest request = WebRequest.Create("https://sites.google.com/feeds/site/[domainName]");
request.Method = "POST";
request.contentType = "application/atom+xml";
request.Headers.Set(HttpRequestHeader.Authorization, "Bearer " + [accessToken]);
request.Headers["GData-Version"] = "1.4";

// Fill in the data and encode for the datastream
string data = ["<entry xmlns='http://www.w3.org/2005/Atom' xmlns:sites='http://schemas.google.com/sites/2008'>",
                   "<title>What a site</title>",
                   "<summary>Best description ever.</summary>",
                   "<sites:theme>ski</sites:theme>",
               "</entry>"].join("");
byte[] byteArray = Encoding.UTF8.GetBytes (data);

// Add the data to the request
Stream dataStream = request.GetRequestStream ();
dataStream.Write (byteArray, 0, byteArray.Length);
dataStream.Close ();

// Make the request and get the response
WebResponse response = request.GetResponse ();

可以在 MSDN 上找到更多信息: https://msdn.microsoft.com/en-us/library/debx8sh9(v=vs.110).aspx