X has an authentication mechanism, which decides whether a client is allowed to connect to a server
Without know other details such as the user trying to access X, I can't be as specific with this answer as I would generally like, but you can try this and see if it works:
xhost +localhost From man page: The xhost program is used to add and delete host names or user names to the list allowed to make connections to the X server. In the case of hosts, this provides a rudimentary form of privacy control and security. It is only sufficient for a workstation (sin‐gle user) environment, although it does limit the worst abuses. Environments which require more sophisticated measures should implement the user-based mechanism or use the hooks in the protocol for passing other authentication data to the server.
+ Access is granted to everyone, even if they aren't on the list (i.e., access control is turned off).