Reputation: 680
Why does this CORS request to a google Drive Sheet fail in Firefox ? (works in Chrome)
I'm trying to request a google sheet from the client in javascript, using jquery ajax.
The following code works in Chrome but fails in Firefox.
Question : how can I get it to work in Firefox?
If it's a server configuration issue then does this mean it's impossible to link to google drive documents from a firefox client?
Here is the code:
var url = 'http://docs.google.com/spreadsheets/export?id=1-on_GfmvaEcOk7HcWfKb8B6KFRv166RkLN2YmDEtDn4&exportFormat=csv';
$.ajax({
url : url,
type : 'GET',
dataType : 'text',
success : function(res, status){
console.log('status : ' + status);
console.log(res);
},
error : function(res, status, error){
console.log('status : ' + status);
console.log(res);
console.log(error);
}
});
In Chrome I get a 307 response then a 200 with the desired data. In Firefox I get a only a 200 response but with the error message something like "Access-Control-Allow-Origin header missing, Same Origin Policy does not allow to fetch this resource".
Upvotes: 5
Views: 5228
Answers (3)
Reputation: 680
I found a workaround by configuring Google Drive slightly differently, and using JSONP :
1) In Google Drive, Publish on the web the document & set sharing options to Public
2) Export your data in JSON format with a JSON type link, it will look like : "http://spreadsheets.google.com/feeds/list/YOUR_FILE_ID/od6/public/values?alt=json&callback=myCallback". You need to append &callback=myCallback to use JSONP. You can use jQuery to make your JSONP call.
3) To use the data, you need to define the callback function specified in the url , in this case "myCallback"
I've mentioned a similar procedure in a different answer but I think it can be useful to mention it here as well since it directly relates to the problem I was facing.
@EnricoFerreguti you should replace YOUR_FILE_ID with your file ID. Example : https://spreadsheets.google.com/feeds/list/1-on_GfmvaEcOk7HcWfKb8B6KFRv166RkLN2YmDEtDn4/od6/public/values?alt=json from the http://misterfresh.github.io/react-drive-cms/ website .
Upvotes: 0
Reputation: 5143
docs.google.com is in Chrome's HSTS preload list. The request to http://docs.google.com is transparently rewritten to https://docs.google.com, so no redirect happens.
I assume this will resolve itself if Firefox pulls an updated copy of the HSTS preload list. As Anne notes, simply changing the link to https directly will solve your use case.
Upvotes: 2
Reputation: 7643
The problem is that docs.google.com does not set CORS headers on redirects. And Chrome is not following the specification by not enforcing that and therefore has a security bug of sorts.
Upvotes: 4
Related Questions
- Why is this CORS request failing only in Firefox?
- CORS preflight requests working with jQuery AJAX, but failing with native XmlHttpRequests in Firefox
- Strange CORS issue with Google Drive API
- Why does a legitimate cors request that works on Chrome fail on FireFox?
- XMLHttpRequest CORS to Google Cloud Storage only working in preflight request
- CORS Request Aborted in Firefox, not in Chrome or IE
- CORS authorization on google sheets API requests
- CORS error for firefox and chrome
- CORS preflight fails when writing to Google Spreadsheet API
- Google Drive and CORS Cross Domain Requests