0

I'm trying to redirect a google app script web app onto another app script after button click. I have tried the following:

<button onclick="myFunction()">Replace document</button>
<script>
function myFunction() {
  location.replace("https://www.w3schools.com")
}
</script>

The error is that google script refused to connect. When checking inspect element, it says "X-Frame Options" to 'same-origin'.

Is there a work around on this?

I could use tags but how do I display it after an alert?

TheMaster
  • 45,448
  • 6
  • 62
  • 85
dummydumdum
  • 11
  • 1
  • You can't do this in the browser using `location.replace` for security reasons. https://developer.mozilla.org/en-US/docs/Web/API/Location/replace explains: "a DOMException of the SECURITY_ERROR type is thrown. This happens if the origin of the script calling the method is different from the origin of the page originally described by the Location object..." – Cat Jul 26 '19 at 08:27
  • Is there a way to display the link instead after alert? – dummydumdum Jul 26 '19 at 08:57
  • 1
    Possible duplicate of [Can't stop Google Apps Script from masking redirected URL](https://stackoverflow.com/questions/56685553/cant-stop-google-apps-script-from-masking-redirected-url) – TheMaster Jul 26 '19 at 09:35
  • 1
    @Cat In this case, the location object and the script calling the replace is from the same domain. You can do this in a browser. – TheMaster Jul 26 '19 at 14:21

2 Answers2

1

Issue:

  • Trying to load https://www.w3schools.com in a iframe: Note that your script is served in a sandboxed iframe of different origin by Google. The location here refers to the sandboxed iframe @ https://*-script.googleusercontent.com hosted inside https://script.google.com. When you replace the location, you're replacing the inner sandboxed iframe with w3schools website. Now, w3schools doesn't want to be inside script.google.com or any other website. So, it set it's X-Frame Options to same-origin. Some websites are ok with this. They can be embedded. w3schools isn't one of them.
 =============  
 |GASWebApp  |<---script.google.com[Top Frame]
 |           |  
 |=========  |  
 ||SandBox|  |  
 ||User   |<-|---- Where your html code is
 ||Frame  |  |    (*.googleusercontent.com) 
 |=========  |     [Sandboxed iFrame]
 |           |  
 =============

Solution:

  • Load the web page in the top frame

Snippet:

window.top.location.replace("https://www.w3schools.com")

References:

TheMaster
  • 45,448
  • 6
  • 62
  • 85
0

Would something like this handle your use case?

var trigger = document.getElementById("trigger");
var link = document.getElementById("link");

trigger.addEventListener("click", showMessageAndThenShowLink);

function showMessageAndThenShowLink(){
  alert("You are about to see the link");
  link.style.display = "inline";
}
#link{ display: none; }
<button id="trigger">Show Message</button>
<br />
<a id="link" href="https://www.w3schools.com">www.w3schools.com</a>

Note: In an SO snippet, clicking the link gives a "refused connection" error, but it worked fine from my desktop.

Cat
  • 4,141
  • 2
  • 10
  • 18