Share files with Google Drive SDK

I've been following Google's documentation to share files on Drive: Share Files

If I upload a file to Google Drive from the Google Drive interface, then try to share this file from my webapp, i get the following error in my javascript console:

in chrome:

Refused to display '…=postMessage&appId=958414147877&' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. 

in firefox:

[14:04:41.157] Load denied by X-Frame-Options: does not permit cross-origin framing.

Now the weird thing is if I create the file from my webapp and upload to Drive through the api, I am able to share the file without problem.

Even stranger, it is enough that I open the file once from within Drive ( I have installed the webapp in my Drive so I can open files using my webapp) to be able to share it, even if later I don't use Drive to open the file anymore.

Any idea what could be causing this kind of behavior?

In my Drive SDK console, I set the Open URL to:

When I open the file in Drive using my webapp, Drive thus redirects me to:,%22action%22:%22open%22,%22userId%22:%22105908447865504163566%22%7D (able to share)

When I open a file in my webapp, the URL is like: (able to share only if opened from drive once before)


I realized this is the standard behavior for Google Drive API as described here:

When users approve these scopes, the app is installed for the user, with access to files that the user creates or opens with the app.

Is there a way to allow the app to open / write any file?

I thought that using the scope when registering my app would allow me to do this, but doesn't seem to be the case..



I am running into exactly the same issue.

My app is requesting the full drive scope (so the app should have access to all files). But sharing only works if the file has been opened by the user from the drive before. There seems to be some magic "while-listing" of files that have been opened from drive.

When accessing a file that has not been opened from drive before I get...

Refused to display htps://…ent=postMessage&appId=46459361793&' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

...which obviously is misleading as the share button is not in a frame.

Opening the give url in a new browser tab gives a hint to the real root-cause: Application '3453459361793' is not authorized to access document "0B0o5345345DAc_SiTEhYamxfUnc2MnM".

My app should have access to the document but it looks as if the "share dialog" acts as a separate app that will only allow access to files that have previsouly been opened from drive.


For security reasons drive will not let you use that dialog unless you're at the URL specified in by your "Open URL".

Your current URL !=

So you might want to change your URL structure. Maybe something like

This is real pain in the neck, especially when developing on a different domain.


Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.