问题
The webContentLink is supposed to be a direct link to the file represented by the fileResource.
Let's first ignore the fact that the link will infact always respond with a 302 pointing to a generated downloadUrl (which has a very finite life-time).
I understand that the resource pointed to by webContentLink uses cookie-based authentication and CORS would pose a security risk, however the documentation explicitly states that no authentication is needed when the file in question is public (obviously).
So for the case where the file is publicly available I do not understand why CORS is not supported.
Is there some security risk associated with this that I fail to realise? Bug? Was it deemed too much work to check the permissions on the file before responding with or without the Access-Control-Allow-Origin.
On a side note, using a server-side proxy to fetch the downloadUrl pointed to by the 302 location produces a resource that does support CORS.
回答1:
Not a solution to the issue posed by the question but using the GDrive hosting feature I was able to work around the limitation of the webContentLink without using a server side proxy.
https://googledrive.com/host/shared_folder_id/relative_path
That link will be a direct link to the file and the resource supports CORS. However this has the limitation that the file's name has to be unique inside its own folder, otherwise it does not work.
来源:https://stackoverflow.com/questions/31841275/google-drive-webcontentlink-does-not-support-cors-when-file-is-public