New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
breaking API changes on September 13th #906
Comments
was going to post this but since already here, bump |
One comment i'd like to add. this wording is confusing `Items that have a Drive API permission with type=domain or type=anyone, where withLink=true (v2) or allowFileDiscovery=false (v3), will be affected by this security update. In addition to the item ID, your application may now also need a resource key to access these items. Without a resource key, requests for these items may result in a 404 Not Found error (See below for details). Note that access to items that are directly shared with the user or group are not affected. (Screenshot of the email -> https://i.postimg.cc/1zb82Xzn/image.png) Does this mean this change affects if one of the 3 conditions are met?
And if you're using gspread to SHARE a spreadsheet (instead of user requesting that it be shared), this resource key is irrelevant? |
Thank you for reporting this. Many thanks for the additional details. I haven't yet received the email from Google regarding the upcoming changes. Open for a PR with a fix for this change. |
Full email with linksHello Google Drive Developer, We have identified you as a Developer who has used the Drive API in the last 30 days. We are writing to let you know that on September 13, 2021, Drive will apply a security update that will change the links used to share some files, and may lead to some new file access requests. Access to files won’t change for people who have already viewed or modified these files. Please update your code as detailed below before September 13, 2021, to avoid failing requests. What do I need to know? In addition to the item ID, your application may now also need a resource key to access these items. Without a resource key, requests for these items may result in a 404 Not Found error (See below for details). Note that access to items that are directly shared with the user or group are not affected. Will this change affect me? What do I need to do? Changes to the Drive API If the file is a shortcut file, then the resource key for the target of the shortcut can be read from the shortcutDetails.targetResourceKey field of the same resource. Changes to Apps Script Note: When fetching a file or folder, the resource key can be specified on the getFileByIdAndResourceKey or getFolderByIdAndResourceKey methods. The state information for a New URL will contain folderResourceKey, which is the resource key of the folder where the new item should be created. Which projects may be affected? ____ DELETED____ Thanks for choosing Drive API. Sincerely, The Google Drive Team |
Yeah, I got this too. Hopefully, a quick fix or I'm in trouble :) |
From our testing this only appears to affect older versions on Python 2.7. Newest version 4.0.1 on Python 3.8.2 is not affected. |
Thanks. Is there any way to confirm for other versions of gspread? We are
running 3.7.0 with python 3.8.
…On Thu, Aug 12, 2021 at 4:15 PM BEVer69 ***@***.***> wrote:
From our testing this only appears to affect older versions on Python 2.7.
Newest version 4.0.1 on Python 3.8.2 is not affected.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#906 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABDDXTPQNMEQOJUPSFG74KDT4RIZZANCNFSM5B6AOSEA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
|
@BEVer69 Might I ask how you were able to tell? The way I understand it, the changes will only be breaking from September 13th onward? |
Yesterday we experienced a 404 error using our old version. I attributed
this to the new security changes being implemented.
…On Fri., Aug. 13, 2021, 8:40 a.m. Wouter Symons, ***@***.***> wrote:
From our testing this only appears to affect older versions on Python 2.7.
Newest version 4.0.1 on Python 3.8.2 is not affected.
Might I ask how you were able to tell? The way I understand it, the
changes will only be breaking from September 13th onward?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#906 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADAL7CYIZWKLM2WMWSFESWLT4UHERANCNFSM5B6AOSEA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
|
Does 4.0.1 use the resource key? |
hi @BEVer69
could you solve this problem? We experienced with same issue here - got 404 Page not found since one day. |
I doubt that is what is causing your issue. Google clearly states the change will take place Sept. 13. |
Hi Arvin,
After more testing we realized that the issue was with authentication.
While using Gspread version 0.6.2 we used the oauth2client module. When
upgrading to 4.0.1 we switched to gspread.service_account. This resolved
our 404 issue.
So in the end it doesn't appear to be related to the September 13th Google
Drive API security update but thought it may help others at it occurred
near the same time.
…On Fri., Aug. 13, 2021, 12:23 p.m. Ervin Hegedus, ***@***.***> wrote:
hi @BEVer69 <https://github.com/BEVer69>
Yesterday we experienced a 404 error using our old version. I attributed
this to the new security changes being implemented.
could you solve this problem? We experienced with same issue here - got
404 Page not found since one day.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#906 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADAL7CZ4DAUNL3HVU4N5SMTT4VBJXANCNFSM5B6AOSEA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
|
I am getting the 404, but only on my App Engine code. I run it locally and all is fine, when I deploy it on App Engine I get a 404. Here is what I get http://coastalflyrodders.com |
@burnash - Hi Anton - Just checking in about this issue. Is someone lined up to test/fix it? I'd like to have a solution in place by 9/1 so we have breathing room against the deadline. I imagine others would like that, too. Thanks! |
Just updated requirements.txt and updated, it works fine now |
Hi everyone, I received this email too and I am aware that we'll need to make some changes in gspread very soon in order to support that new security fix from Google. After reading the whole email, the documentation about sharing files I understand the following points:
|
Hi @mowliv I understand everyone using gspread need to have a few days ahead of the deadline to test it but I can't confirm the exact it's going to be released. What I am most afraid of is: I could come up with something, release it, you could take that release try it but before the 13th this resource key would not have any effect anyway so wouldn't know of you provided the right header, the right value etc.... So in my mind what I can do best is:
If it doesn't.... Fix it 😁😅 Conclusion: |
Thanks very much, @lavigne958! I appreciate your in-depth research and clear explanation. Based on that, it seems our project isn't affected because we don't use public links. Agreed, it is far from ideal that there is no way to test before the 13th. Thanks to you and the team for gspread awesomeness :) |
Today is the day this is supposed to roll out. Does anyone know if it's out yet? Things are working for me. |
No time for me to work on it recently. this is my next priority to look at. |
Same here: things seem to be working like they did yesterday. Is there any way for us to check if the changes were already made live, by Google? When do they usually apply changes? at the end of the day, at the start of the day, or some random time? |
Hi everyone, I ran some tests and I don't see any issue opening a spreadsheet using a public link, and when I take a private spreadsheet and share it publicly then I don't get the I don't understand if something has changed or not. If anyone encounter an issue please post a comment here we'll investigate from there. |
Hello everyone, it has been over a month now and no one seem to report any issues with the Closing this issue. Anyone facing an issue related to this API change, please comment here. |
I received an email from Google today notifying me that my code (that they detected uses the Google Drive API) might require some changes due to a security update they applied.
The email says (among other things):
Since gspread abstracts the Google API, my guess is that the changes will need to be made in gspread, and not in my own code. Is this assumption correct?
If yes, were you guys aware of this change?
KR
The text was updated successfully, but these errors were encountered: