Trouble downloading files in Google Apps Script web app after Chrome update

7
votes

I've had a Google Apps Script web app running for a bit over a year which gave users an option to download a csv file. It worked perfectly fine, although in the console it gave a warning about downloading from an iFrame being deprecated.

After updating Chrome, I now get the following error when trying to download:

Download is disallowed. The frame initiating or instantiating the download is sandboxed, but the flag ‘allow-downloads’ is not set. See https://www.chromestatus.com/feature/5706745674465280 for more details.

When following the above link, it provides the following information:

Chrome is planning on removing this capability - i.e. Chrome is going to block all downloads initiated from or instantiated in a sandboxed iframe by default. The embedder may add "allow-downloads" to the sandbox attributes list to opt in. This allows content providers to restrict malicious or abusive downloads.

How can I add "allow-downloads" to the sandbox attributes in the Google Apps Script environment? Alternatively, is there a workaround to enable downloading files?

5
google-chromegoogle-apps-scriptiframeweb-applicationssandbox

5 Answers

5
votes

It is discussed here https://issuetracker.google.com/issues/157368720 that HtmlService.XFrameOptionsMode.ALLOWALL should set allow-downloads on GAS web app sandbox. We should watch this issue for changes.

3
votes

Include sandbox="allow-downloads" in your iframe tag, which contains the code that is used for downloading the CSV file.

2
votes

Update as of 07/29/2020:

The attribute "allow-downloads" has now been added to the sandbox attributes and there is no longer any issue downloading files.

1
votes

There is one work around that I found if you have a download button, you can right click and open in a new tab. You have to rename the file but at least you can get it, until there is a fix.

0
votes

Other than asking the users to right-click to download something, is there a workaround that allows websites to implement buttons that trigger a download on click?

I must be missing something reading the feature that was implemented, but it seems there's no provisions for a website that makes NO USE of iframes and just uses anchor tags to trigger downloads.

What is the recommended way to trigger a download now? I'm sure I am not understanding something here, as surely nobody in their right mind would ever even dream of pushing/accepting a change in production that forbids the very common use-case of implementing a button to download things.

So, I'm definitely missing something and being very thick here. With the new version of Chromium, how can I make something like this work?

<a download="my-download.pdf" target="_blank" href="my-download.pdf">Click here to download</a>