google apps script & picker in iframe

Question

The problem with displaying google picker in apps script when placing the script in a iframe of another web site. When you call the picker, a white square is displayed.

Not in the frame of another web site, the picker works fine.

HtmlService google apps script

function doGet() {
return HtmlService.createTemplateFromFile('form.html')
    .evaluate() 
    .setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);}

https://stackguides.com/questions/40842627/embedding-google-apps-script-in-an-iframe#answer-40843413

The picker is based on this documentation -

https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs

I decided to try a demo premium script File Upload Form.

https://ctrlq.org/code/19747-google-forms-upload-files

Will insert the script into the frame, but the result was similar - an empty white square.

https://script.google.com/macros/s/AKfycbxlX3r_dt_ZLZC9TqloaqtdextROJoIH9mUDu3MWOiXtI6ADhqb/exec

Example

http://jsfiddle.net/qqq7df51/

Whether it is possible to solve this problem.

Teyam Teyam · Accepted Answer · 2017-06-17T12:20:10

As mentioned in Enum XFrameOptionsMode,

Setting XFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developer should implement their own protection against clickjacking.

With this, you may want to check implementation of protection against clickjacking. Try to add the X-Frame-Options HTTP Response header to any page that you want to protect from being clickjacked via framebusting.

For more information, visit Clickjacking Defense Cheat Sheet.

google apps script & picker in iframe

1 Answers