{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Fickle 薄情 的问题《Google Drive API Application data accessing creden》','https://www.manongdao.com/q-1343546.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to obtain credentials from Google Console to access my Application Drive data through Web browser(Javascript) option (In order to use Picker API latter on). But when I select option Application data(Access data belonging to your own application) I got the message:
Application data cannot be accessed securely from a web browser. Please consider selecting another platform.
Can anyone explain, why It is not secure, and how can I access my application data using Web browser, maybe should choose different credentials?
Thanks.
Found this on Drive's Application Data guide.
It also might help if you read more on Working with the Application Data folder. Hope that helps.
You can access your Google Drive Data in three possible ways:
I suppose you're trying the second option. I had the same problem, when you are going through the step-by-step it says it would be insecure for Drive, which I don't understand, since you'd be sharing a public key and be acessing only publicly available files.
To generate this key you can go https://console.developers.google.com/apis/credentials click "create creadential" and select "API key".
Just remember, the api key is useless to do anything you'd need special permissions to, the only thing you can do with this is read public files/folders.
Now, if it's not the second option you need, if you need to access private data of your application in the browser. It's not possible for the exact reason it says it isn't, it's not secure. The key would be visible in every request you make, it would be very easy for someone to steal your key and do whatever he/she wants to your Drive account.
But, if you need to access private stuff in the browser I suppose you have a login system, if not, there's no reason for it to be private in Google Drive (anyone would have access anyway). If you have a login system you must have a server-side application. In this case, the correct thing to do is move all your calls to the Drive api to your backend and use a private key (third option in the previous list) to authenticate.