Properly setting the XFrameOptionsMode for Google Apps Script Iframes
I'm reading through the Google Apps Script docs in order to get a grip. Below is my attempt in my .gs file to allow for my web app to be embedded as an Iframe...
function doGet(e) {
//URI PARAMETER VALUE(S)
let mpage = 'mapp';
if ('page' in e.parameters) {
mpage = e.parameters['page'][0]
}
try {
//TRY TO ENABLE THE WEB APP WITH CUSTOM DATA USAGE
let html = HtmlService.createTemplateFromFile(mpage);
html.data = { title: mpage, e: e }
//THE ONLY WAY I KNOW OF ADDING META TAGS TO THE APP
let htmlOutput = HtmlService.createHtmlOutput(html.evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL));
htmlOutput.addMetaTag('viewport', 'width=device-width, initial-scale=1, shrink-to-fit=no');
return htmlOutput;
}
catch (err) {
//IF THERE IS AN ERROR, DISPLAY THE ISSUE
const html = HtmlService.createHtmlOutput('Page Not Found : ' + JSON.stringify(err));
return html;
}
}
Here is my html example of the actual embed....
<iframe src="https://script.google.com/a/macros/.../exec?page=mapp-gallery" frameborder="0" width="100%" height="100%" scrolling="no">
</iframe>
But when I attempt to embed this on any page, I get the following image...
My Apps Script is set to anyone can view. So I am assuming that within my .gs code, the HtmlService.XFrameOptionsMode.ALLOWALL is not set properly.
I can see my web app in Incognito mode if I go there directly through the browser. But how can I fix this situation so that my iframe properly reflects my web app?
let htmlOutput = HtmlService.createHtmlOutput(html.evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL));
HtmlTemplate.evaluate() already returns HtmlOutput. And you set ALLOWALL option on it. But, by feeding the HtmlOutput back to HtmlService.createHtmlOutput, you're creating a new HtmlOutput without a xframe option set on the new object. Fix it by removing redundant and buggy calls:
let htmlOutput = html.evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
Make sure to redeploy or create a new version on the existing deployment. You might also want to set the same on the catch block's HtmlOutput.
- Authentication issue with Google Apps Script deployed as a web app
- How to sort a 2d array in Apps script (google sheet) base on a 1d array
- Control existing check boxes depending on values in another column
- How to run an onEdit function across multiple Google Sheets using a shared Apps Script library
- How to retrieve a Google Drive file link in Google Sheets based on a filename in a specific folder using Apps Script
- How to save new create documents in one file?
- Understanding apps script api calls?
- Google Forms Confirmation Script
- Processing multiple .csv files
- How to sync data between a Google Sheet and a Mysql DB?
- Creating a dropdown using Google Apps Script. Is the method for changing the colours missing or not available yet?
- How to trigger a Google Apps Script once an email get in the inbox?
- How do I locate a Google SpreadSheet ID?
- Automatic logout if the tab is closed or every 15 minutes page will logout in app script web page
- External test access to an unpublished Editor Addon in Google Workspace Marketplace
- Google script web app goes blank page after submit
- Exception: Specified permissions are not sufficient to call SpreadsheetApp.openById
- How to "Nest" (or combine) onEdit() functions
- Passing image in Google drive to multimodal LLM
- How to get week number
- Google apps script, web app invokes CORS policy when using paths
- Show all the data that equals in the inputted values of username by searching the inputted values from Data sheet
- How to copy/move a newly created spreadsheet into a folder
- Chart modify() gives error Exception: Those columns are out of bounds
- How to get font size to show up in a cell
- Append a hyperlink from another column in sheets to a slide deck via appscript
- Function gets wrong value when been called Apps Script
- Merging or Combining two onEdit trigger functions
- The csv import script in google sheet does not work with certain csv, why?
- Receiving error with GmailApp.SendEmail all of a sudden