Load denied by X-Frame-Options - does not permit cross-origin framing

[paragjoshi]

I tried to run the sample code as given here :
https://developers.google.com/youtube/v3/code_samples/javascript

When I tried to load html using http://localhost/, I immediately get the error in subject line as in:
Load denied by X-Frame-Options: https://accounts.google.com/o/oauth2/auth?client_id= ... &origin=http%3A%2F%2Flocalhost%3A5000 ... (so on) ... does not permit cross-origin framing

The html just contains the following script tags (exactly as in the sample html file).

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
<script src="auth.js"></script>
<script src="search.js"></script>
<script src="https://apis.google.com/js/client.js?onload=googleApiClientReady"></script>

Can anybody please explain / help to fix this problem?

[bsittler]

Is this issue still happening?

[paragjoshi]

I think so but it has been a long time so I have forgotten the details.

On Tue, Mar 8, 2016 at 12:25 PM, Benjamin C. Wiley Sittler <
notifications@github.com> wrote:

Is this issue still happening?

—
Reply to this email directly or view it on GitHub
#209 (comment)
.

[frutality]

Hi. Found this issue at Google search.

I have exactly same problem. This code:
gapi.auth.authorize({client_id: social.yt.clientID, scope: social.yt.scopes, immediate: true}, handleAuthResult);
Throws an error at browser console. It says "Load denied by X-Frame-Options: very_long_url does not permit cross-origin framing".

At my Google Developer Console I set a referrer to "localhost". I tried "localhost/" and "" and just blank field. The same error. Any way to test APIs from localhost?

[frutality]

Found solution. Need to create 2 Credentials at https://console.developers.google.com

1. API Key, type "Browser". Here you get api_key for gapi.client.setApiKey method
2. OAuth 2.0 client ID, type "Web application". Here you get client ID for gapi.auth.authorize method

[TMSCH]

Thanks @frutality for the information on how to fix this issue. Closing this bug.