Im getting this console error on my localhost when connecting to google drive API, but the picker I have configured in my script successfully displays my drive's contents:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://docs.google.com') does not match the recipient window's origin ('http://localhost:8000').
Invalid 'X-Frame-Options' header encountered when loading 'https://docs.google.com/picker?protocol=gadgets&origin=http%3A%2F%2Flocalho…2photos%22))&rpctoken=yxxydsx40r21&rpcService=2dngvfb4tj9x&thirdParty=true': 'ALLOW-FROM http://localhost:8000' is not a recognized directive. The header will be ignored.
Do I ignore this or will it introduce trouble for me down the road?
This is a CORS issue Cross Origin Resource Sharing. You will need to add CORS on your server so that it sets correct headers. What is CORS and how to solve
Read up on: Wrong Origin using HTTPRequests
While using Google APIs I find it easier setting up a virtual host and adding it to the OS hosts file. If you know how to set up self-signed certificates it can also be helpful.
Personally set up all my projects using Vagrant and Homestead with the SSL flag on. That way I can use the URL https://project.local/ and the browser doesn't complain as much about the X-Frame-Options
To enable SSL put ssl: true under the authorize: ~/.ssh/id_rsa.pub in the Homestead.yaml file that gets generated. By default the certificate won't be trusted so you will have to tell your OS that you want to trust it. I am afraid I don't remember how exactly I did that the last time.
You have to control Google's HTTP headers , make sure to use valid options X-Frame-Options
来源:https://stackoverflow.com/questions/29658088/google-api-error-but-still-works