[SOLVED] Google Drive API: Download file gives lockedDomainCreationFailure error

Google Drive API: Download file gives lockedDomainCreationFailure error

I'm trying to download a file with the Google Drive File Picker (based upon this example https://gist.github.com/Daniel15/5994054). The File Picker works fine up to the point where it comes to download a file. It runs into a 400 Bad-Request (lockedDomainCreationFailure) error.

Here's the code:

function downloadFile(file, callback) {
  if (file.downloadUrl) {
    var accessToken = gapi.auth.getToken().access_token;
    var xhr = new XMLHttpRequest();
    xhr.open('GET', file.downloadUrl);
    xhr.setRequestHeader('Authorization', 'Bearer ' + accessToken);
    xhr.onload = function() {
      callback(xhr.responseText);
    };
    xhr.onerror = function() {
      callback(null);
    };
    xhr.send();
  } else {
    callback(null);
  }
}

Here's the error message:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "lockedDomainCreationFailure",
    "message": "The OAuth token was received in the query string, which this API forbids for response formats other than JSON or XML. If possible, try sending the OAuth token in the Authorization header instead."
   }
  ],
  "code": 400,
  "message": "The OAuth token was received in the query string, which this API forbids for response formats other than JSON or XML. If possible, try sending the OAuth token in the Authorization header instead."
 }
}

It tells that to OAuth token was given in the query string, which as I see is not true. Here's the request:

GET /drive/v2/files/{file-id}?key={app-key}&alt=media&source=downloadUrl HTTP/3
Host: content.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: */*
Accept-Language: en,de;q=0.7,en-US;q=0.3
Accept-Encoding: gzip, deflate, br
Authorization: Bearer {oauth-token}
Origin: http://localhost:8800
DNT: 1
Connection: keep-alive
Referer: http://localhost:8800/
TE: Trailers

Since I'm using the download url provided by to Google API and the authorization is given in the request header, i've got no clue why I run into this error.

I appreciate any ideas.

Solution

The solution was to change the host content.googleapis.com (what was provided as download url from the Google API) to www.googleapis.com. Thanks ziganotschka for that hint!

So the correct download url is https://www.googleapis.com/drive/v2/files/{file-id}?key={app-key}&alt=media&source=downloadUrl. It must contain "alt" and "source" query parametes, otherwise you get file meta data only, but not its content. No need to change the "Accept" header.