2

My application needs to read the data from a JSON file on Google Drive before anyone authenticates so the data is displayed publically in the application.

The JSON file is public (anyone with the share link can view) so I tried to fetch the data using the webContentLink, but it failed because CORS header is not present on the requested resource.

There are similar questions about this (e.g. this), but they are from years ago and I couldn't seem to find a good answer.

Is there an alternative way for me to access a public file without authentication? Thank you.

Kenneth Chen
  • 21
  • 5

2 Answers2

0

If a file is public you can use an api key to read it. The application passes this key into all API requests as a key=API_key parameter.

If the file is stored on an account hat you control. Then you can also use a service account depending upon which language you use.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Yes, it's a public file I'm accessing. Is it ok to have this API Key visible in my JS? The code is client-side. – Kenneth Chen Jul 22 '18 at 13:48
  • @DalmTo So you're saying there's no way to read public files while unauthenticated in client-side JS? That's a pretty severe limitation. :( – Lea Verou Jul 24 '18 at 15:31
  • No you can do it with JavaScript there is just a catch 22 that says you need to do it without showing the user your API key which is technically impossible :) – Linda Lawton - DaImTo Jul 24 '18 at 18:59
0

Given that you can't get around CORS if you are using XMLHttpRequest, and exposing the profile key is against security and the service agreement, but the file itself is visible through a link, you may be able to to accomplish your goal through another method.

You could probably use JSONP to accomplish it. But I hope open editing is not allowed on the Google doc, or you have a security risk.

You might also load the file as a plain text file. Two possibilities you could use are an iframe, or an embed. If you do so, you might want to keep that part of the page hidden, but once the file is loaded, then your next task will be to find it and parse it with javascript.

Here are two links about reading data from an embed.

How to access the content of the "embed" tag in HTML

... and referenced from a link in the above ...

http://xn--dahlstrm-t4a.net/svg/html/get-embedded-svg-document-script.html

If you go the embed/iframe route, you will have to handle the parsing yourself, but you can then handle the security.

tealdev
  • 11
  • 1
  • 4