javascript - Why do I need CORS header to request a downloadable link?
I have a link that allows me to download a file when I click on it. Instead of downloading, I am trying to access it with a simple request, but I am having CORS problems. I do not have access to the server side, and therefore what I have tried so far has failed. If I understand correctly, the suggestions I have found so far need me to have control over the server (I might be mistaken, but as far as I can see the server side needs to have a CORS header including my domain or have a JSONP function invoked).
Does this mean I am unable to read and parse a file that is downloadable? If yes, how does that make sense, since the file is public and downloadable when I click the link? Since I am manually able to get the file, shouldn't it be possible to access it with code? Can you suggest a solution or give me something I can work on? Why does the code below not work the way a manual click in the browser would?
var urlstring = "http://abc.def.com/download?fileid=123&entity_id=123&sid=123";
$.get(urlstring, function(data, status){
    alert("data: " + data + "\nstatus: " + status);
});
You are able to download the external script manually by clicking on the link because, well, you manually clicked on it! The browser knows you authorized access to the URL because you clicked a link that pointed to it. If a bit of JavaScript accesses the URL in the background, the browser can't be sure the user is okay with that.
You're thinking, "I'm just trying to download an innocent file, why does the browser not trust me??" Let's consider a scarier scenario. Let's say that, instead of trying to access http://innocentsite.com/download, the JavaScript is trying to access https://bankofamerica.com/initiatemoneytransfer?recipient=oe1&amount=10000. Without knowing it, the user has let it send $10,000, since they are logged in on bankofamerica.com.
Now, Bank of America (or any other respectable bank) doesn't allow $10,000 transfers to be initiated like that. But the example gets the idea across -- it is dangerous for webpages to be able to make HTTP requests to other domains. That's why CORS headers are required.
Footnote: if you are hosting your own web server, you might try setting up a proxy. Have a URL on your website that automatically retrieves the file from the other website and serves it on your domain. That way, you can retrieve the file without needing the other website to set CORS headers.
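The proxy from the footnote, as an added example (not code from the answer), with the checks that keep such a route from becoming an open relay: the upstream host and path are fixed and only the three query parameters from the question's URL are accepted. The `/files` route, the size limit, the numeric-only parameter rule and all function names are assumptions made for illustration.

```javascript
// Added example. UPSTREAM and ALLOWED_PARAMS mirror the question's URL; the
// /files route, MAX_BYTES and the function names are assumptions.
const UPSTREAM = new URL("http://abc.def.com/download");
const ALLOWED_PARAMS = ["fileid", "entity_id", "sid"];
const MAX_BYTES = 5 * 1024 * 1024; // refuse to relay anything larger

// Map a request for our own /files route onto the one fixed upstream URL.
// Returns null for anything the proxy should not forward.
function buildUpstreamUrl(localUrl) {
  const incoming = new URL(localUrl, "http://localhost");
  if (incoming.pathname !== "/files") return null;
  const target = new URL(UPSTREAM);
  for (const [name, value] of incoming.searchParams) {
    // Known, purely numeric parameters only (assumed format): the caller
    // never gets to choose the upstream host or path.
    if (!ALLOWED_PARAMS.includes(name) || !/^\d{1,12}$/.test(value)) return null;
    target.searchParams.set(name, value);
  }
  return target.searchParams.has("fileid") ? target : null;
}

// Framework-neutral handler: returns { status, headers, body }.
// fetchImpl is injectable so the handler can be exercised offline.
async function handleDownload(localUrl, fetchImpl = globalThis.fetch) {
  const target = buildUpstreamUrl(localUrl);
  if (target === null) return { status: 400, headers: {}, body: "bad request" };
  // The visitor's cookies and Authorization header are not forwarded upstream.
  const upstream = await fetchImpl(target.href, { redirect: "error" });
  if (!upstream.ok) return { status: 502, headers: {}, body: "upstream error" };
  const body = await upstream.arrayBuffer();
  if (body.byteLength > MAX_BYTES) return { status: 502, headers: {}, body: "too large" };
  return {
    status: 200,
    // Fixed type plus nosniff so relayed bytes are never rendered as HTML
    // on our own origin.
    headers: {
      "Content-Type": "application/octet-stream",
      "X-Content-Type-Options": "nosniff",
    },
    body,
  };
}
```

Page script then requests `/files?fileid=123&entity_id=123&sid=123` on its own origin, so the browser applies no cross-origin check to the response.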