Menu
Today Google Picker stopped working in my Google Sheets add-on without any changes to the code. The error in the modal dialogue reads:
Invalid origin value.
The errors in console are:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://docs.google.com') does not match the recipient window's origin ('https://n-a6p4dqsl***d6wq-0lu-script.googleusercontent.com')
dropping postMessage.. was from unexpected window
dropping postMessage.. was from unexpected window
Invalid 'X-Frame-Options' header encountered when loading 'https://docs.google.com/picker?protocol=gadgets&origin=https%3A%2F%2Fdocs.google.com%2F&sdr=true&title&oauth_token=<oathToken>&developerKey=<developerKey>&hostId=n-a6p4dq***d6wq-0lu-script.googleusercontent.com&relayUrl=https%3A%2F%2Fn-a6p4dq***d6wq-0lu-script.googleusercontent.com%2Ffavicon.ico&nav=((%22documents%22%2Cnull%2C%7B%22selectFolder%22%3Atrue%2C%22parent%22%3A%22root%22%7D)%2C(%22documents%22%2Cnull%2C%7B%22dr%22%3Atrue%2C%22includeFolders%22%3Atrue%7D))&rpcService=qhurmoc5w4l7&rpctoken=xssf8g42xc2&thirdParty=true#rpctoken=xssf8g42xc2': 'ALLOW-FROM https://docs.google.com/' is not a recognized directive. The header will be ignored.
It maybe that the error is linked to this line of code where I do setOrigin():
var picker = new google.picker.PickerBuilder()
.addView(driveView)
.addView(drivesView)
.hideTitleBar()
.setOAuthToken(token)
.setDeveloperKey(DEVELOPER_KEY)
.setCallback(pickerCallback)
--> .setOrigin(google.script.host.origin)
.setSize(DIALOG_DIMENSIONS.width - 2,
DIALOG_DIMENSIONS.height - 2)
.build();
But this line is directly from the documentation of the Google Picker API and worked properly before. If I change google.script.host.origin, that returns https://docs.google.com as url to https://n-a6p4dqsl***6wcd6wq-0lu-script.googleusercontent.com, I get the same error and a new one, so that is not it.
I also cannot add this as as an authorized javascript origin in the GCP project as it returns the following error:
Invalid Origin: uses a forbidden domain
(This has been the case of a while)
This seems like a new error and I wasn't able to find an answer neither on Google's issues tracker nor on StackOverflow.
Anyone facing this as well or have an idea how it can be handled?
314
On a fresh browser, encountering this flow results in the Google Picker window asking the user to sign in again. If the user chooses to do so an additional popup will be triggered that automatically executes a login flow again and the user is then informed that "The API developer key is invalid."
What is truly unexpected about this is that if the user refreshes the page and repeats the exact same actions the Google Picker works exactly as expected. The only way to replicate the anomalous behaviour is to clear all the browser cache, cookies and any other site related settings.
Google APIs must use the canonical error codes defined by google.rpc.Code . Individual APIs must avoid defining additional error codes, since developers are very unlikely to write logic to handle a large number of error codes.
The error model for Google APIs is logically defined by google.rpc.Status , an instance of which is returned to the client when an API error occurs. The following code snippet shows the overall design of the error model: // different programming environments, including REST APIs and RPC APIs.
Putting an end, the only way to solve this is to remove the trailing slash after
From
docs.google.com/
To
docs.google.com
Contrary,
The google.script.host.orgin gives the "https://docs.google.com/" which causes the error. Hence you need to hard code as
"https://docs.google.com"
Google has made some changes recently which might have bubbled this issue.
UPDATE
You can use this function - and call - ...... setOrigin(getOrigin())
function getOrigin() {
var url = google.script.host.origin;
return url.substr(url.length - 1) === "/" ? url.substr(0, url.length - 1) : url;
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
