Embedding Google Apps Script in an iFrame

Question

I am trying to embed a page that is dynamically built using Javascript in Google Apps Script into my website in an iFrame, but the iFrame's content isn't shown. Google Apps Script has a same-origin policy which prevents it from loading.

What I am trying to do is (I removed the full link):

<iframe src="https://script.google.com/a/macros/SCRIPT_ID"></iframe>

The error I am getting is:

Refused to display 'https://script.google.com/a/macros/SCRIPT_ID' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

Is there a way to alter the policy and load the content in an iFrame?

Dmitry · Accepted Answer · 2016-11-28 11:38:24Z

Google had just recently enabled this feature. It has been under a 'feature request' status for quite a long time. Link here

You can now explicitly define X-Frame-Options.

To allow embedding under another domain, the option should be HtmlService.XFrameOptionsMode.ALLOWALL

Google documentation on the subject:

https://developers.google.com/apps-script/reference/html/html-output#setXFrameOptionsMode(XFrameOptionsMode)

Example:

function doGet() { return HtmlService.createTemplateFromFile('form.html') .evaluate() // evaluate MUST come before setting the Sandbox mode .setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL); }

Hope this helps!

is this still valid ? As i still getting the X-Frame-Options' to 'SAMEORIGIN'.
@inrsaurabh did you find a solution? i'm still getting this issue even after implementing the answer

Chesare · Accepted Answer · 2017-11-08 18:35:41Z

I was having this issue on the doPost response form, only in dev mode, and corrected it by changing target="_self" to target="_top" on the initial doGet form.

 <form method="POST" id="ss-form" target="_top" action="<?!=SETTINGS.PUBLISHED_URL?>">

Collectives™ on Stack Overflow

Embedding Google Apps Script in an iFrame

2 Answers 2

2 Comments

1 Comment

Linked

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

2 Comments

1 Comment

Linked

Related