How do I avoid this X-Frame-Options SAMEORIGIN error when running the Google "Hello Analytics" API tutorial?

I've been trying to run the tutorial to get up and running with pulling data programmatically from Google Analytics.

I've copied the sample files exactly, but when I access them via localhost in Chrome, I get the following error in the JavaScript console, and get redirected to about:blank :

Refused to display '' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I've tried all manner of tweaks but can't get this error to go away. Hope someone can assist (or indeed just direct me to a simple, working, Javascript example for accessing the Google Analytics API.


Please check the Authorized JavaScript origins url in the Google API console in your Oauth Settings. This must be where you are authorising the javascript.

I was having the same issue yesterday but then I realised I was using the wrong Client ID on my Credentials.

You should double check if you created a 'Client ID for web application' on APIs & auth > Credentials. And then use that Client ID.

I my case, I wrongly created a 'Service Account' first and used that Client ID. Then I realised the mistake and created a 'Web Application' and replaced the Client ID on hello_analytics_api_v3_auth.js (according to the tutorial on

Btw, don't forget to create a Public API Access key.

EDIT: if you are using the google example fix the following function:

function handleAuthResult(authResult) {
  if (authResult) {
    gapi.client.load('analytics', 'v3', handleAuthorized);
  } else {

On the if statement, change to:

if (authResult && !authResult.error)

So you would end up with:

function handleAuthResult(authResult) {
  if (authResult && !authResult.error) {
    gapi.client.load('analytics', 'v3', handleAuthorized);
  } else {

My colleague found the bug and made a pull request to fix it. I hope that sorts the issue now. It sorted for me ;-)

I was having the same issue with a Fusion table example I found online.

None of the answers I found online were useful at all but I finally solved the issue as follows:

Open the dev console in Chrome which shows the error and the url it is trying to access, open the Url in a new tab.

The page shows this:

400. That’s an error.
Error: invalid_request
Parameter not allowed for this message type: client_secret 

So I edited the code:

  function auth(immediate) {
      client_id: clientId,
      <!--client_secret: clientSecret,-->
      scope: scopes,
      immediate: immediate
    }, handleAuthResult);

Et voila (:

I had this error message many times before. Most of the time I just did call Google API inconsistently. To figure out, click the URL in the dev. console. A new window opens and you get a message like this:

That’s an error.
Error: invalid_scope
Some requested scopes were invalid ...

I got it to work by clearning my cookies. --Solution posted in this similar issue here: Google+ API "400 (Bad Request)" and "Refused to display ... in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." errors

Need Your Help

Template Haskell: Is there a function (or special syntax) that parses a String and returns Q Exp?

haskell template-haskell

I am trying to learn a bit of Template Haskell and Quasi Quotation, and I am looking for a function that takes a String and parses it to Q Exp, so the type is:

SQL Server - An error occurred while executing batch. Error message is: The directory name is invalid

sql sql-server-2005

Our database server had run out of disk space, after freeing up some disk space any query run in sql server management studio, with the results sent to grid view, resulted in this error: