Embedding Google Apps Script in an iFrame
I am trying to embed a page that is dynamically built using Javascript in Google Apps Script into my website in an iFrame, but the iFrame's content isn't shown. Google Apps Script has a same-origin policy which prevents it from loading.
What I am trying to do is (I removed the full link):
<iframe src="https://script.google.com/a/macros/SCRIPT_ID"></iframe>
The error I am getting is:
Refused to display 'https://script.google.com/a/macros/SCRIPT_ID'
in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Is there a way to alter the policy and load the content in an iFrame?
Solution 1:
Google had just recently enabled this feature. It has been under a 'feature request' status for quite a long time. Link here
You can now explicitly define X-Frame-Options.
To allow embedding under another domain, the option should be HtmlService.XFrameOptionsMode.ALLOWALL
Google documentation on the subject:
https://developers.google.com/apps-script/reference/html/html-output#setXFrameOptionsMode(XFrameOptionsMode)
Example:
function doGet() {
return HtmlService.createTemplateFromFile('form.html')
.evaluate() // evaluate MUST come before setting the Sandbox mode
.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
}
Hope this helps!
Solution 2:
I was having this issue on the doPost response form, only in dev mode, and corrected it by changing target="_self" to target="_top" on the initial doGet form.
<form method="POST" id="ss-form" target="_top" action="<?!=SETTINGS.PUBLISHED_URL?>">