Reputation: 1439
Google API error, but still works
Im getting this console error on my localhost when connecting to google drive API, but the picker I have configured in my script successfully displays my drive's contents:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://docs.google.com') does not match the recipient window's origin ('http://localhost:8000').
Invalid 'X-Frame-Options' header encountered when loading 'https://docs.google.com/picker?protocol=gadgets&origin=http%3A%2F%2Flocalho…2photos%22))&rpctoken=yxxydsx40r21&rpcService=2dngvfb4tj9x&thirdParty=true': 'ALLOW-FROM http://localhost:8000' is not a recognized directive. The header will be ignored.
Do I ignore this or will it introduce trouble for me down the road?
Upvotes: 34
Views: 5558
Answers (4)
Reputation: 6481
This is a bug
There seems to be a few workarounds there for people using it as part of an Apps Script Add-on, making reference to this stack question:
Though this doesn't work for the official quickstart using JavaScript.
I have tested this with Chrome and Firefox and both give the same results.
If this is affecting you please be sure to go and star the issue linked above.
Upvotes: 1
Reputation: 948
This is a CORS issue Cross Origin Resource Sharing. You will need to add CORS on your server so that it sets correct headers. What is CORS and how to solve
Read up on: Wrong Origin using HTTPRequests
Upvotes: 1
Reputation: 160
While using Google APIs I find it easier setting up a virtual host and adding it to the OS hosts file. If you know how to set up self-signed certificates it can also be helpful.
Personally set up all my projects using Vagrant and Homestead with the SSL flag on. That way I can use the URL https://project.local/ and the browser doesn't complain as much about the X-Frame-Options
To enable SSL put ssl: true under the authorize: ~/.ssh/id_rsa.pub in the Homestead.yaml file that gets generated. By default the certificate won't be trusted so you will have to tell your OS that you want to trust it. I am afraid I don't remember how exactly I did that the last time.
Upvotes: 0
Reputation: 1511
You have to control Google's HTTP headers , make sure to use valid options X-Frame-Options
Upvotes: -1
Related Questions
- Problems with Google Picker API and selecting Google Drive items
- Google Picker API UI not displaying in Chrome, not functioning in Firefox
- Google Drive api Error gapi.client.request
- Intermittent "The API developer key is invalid" error
- Google drive picker error
- Why is Google Picker Hello World not working?
- google api authorization error "invalid cookie policy"
- Google Drive Picker - Developer Key is Invalid Error
- Google JavaScript API returns error on client init
- Bug: Google Drive Picker stopped loading today