0

I am essentially just trying to get rid of the warning that google gives when viewing Google Script App. Its this one: "This application was created by another user, not by Google"

I have a Google App Script that is working well and functioning the way I need on its own, but in order to get rid of the warning I have embedded it into my Wix page and set my base target values to _self. I got the fix from this video: https://www.youtube.com/watch?v=RJtaMJTlRhE

Problem: Embedding the page partially solves the problem in that the first page shows without the warning, but other links will not load. And depending on my base target value, I either get errors about my iFrame being set to same origin, or they will load but I still get the warning.

Setup: For doing multiple pages I am using a method in which I give parameters in my URL that allow me to load different html pages within my Google script. For example https://[scriptURL]/exec/?page=home

The first page prompts the user for a code, then this code is matched with a row in a Google Sheet to find the matching client. Then the page redirects to a dashboard page with "code" and "page" as parameters.

Within the iFrame, this first part works perfectly in that it will take the prompt, redirect to the page and load the dashboard populated with the client info and NO warning from google is showed.

This is the HTML for that page:

<html>
  <head>
    <base target="_self">
  </head>
  <body>
  </body>
</html>

<script>
var code = prompt("Please enter your client Code");
window.self.location.href='<?= url ?>?page=home&code='+code;
</script>

So this page loads with no google warning, But on this page I have a link using similar method: <a href="<?= url ?>?page=SetGrid&code=<?= code ?>">Set Grid</a> But based on the target value of the page, this link either fails or shows the google warning again

Settings

My google script is evaluating pages using: setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL)

My iFrame:

<iframe src="https://script.google.com/macros/s/[scriptID]/exec" frameborder="0" width="100%" height="600px"></iframe>

I have tried the following

- setting target to <base target="_top"> - This is the default and will allow the link to load new page but shows the warning

- setting target to <base target="_self"> - This loads the link but shows blank page and console gives warnings about my iFrame being set to sameorigin

- setting target to <base target="_parent"> - This will not load the link at all and says that I cant load ancestor pages

- changing my <a href> to a JS window.location method - This gives same issue as above depending on the target value

I am confused because I have allowAll set in google, and I have no sandbox restrictions in my iFrame.

Theories -After the first redirection from the "enter code" page to the dashboard page I'm in a tangle of nested iFrames. -My method of using parameters in the URL might be confusing matters. -Redirect at the start works differently from standard href links?

Questions How do I get rid of this warning with a different method OR How do I get my URL parameters navigation method to work with embedding?

Different Gravity
  • 153
  • 12
  • @TheMaster - I saw this, but I was still new to the problem and didnt quite understand it... I am taking a second look now. But can I just clarify something... You say to use window.parent.parent.location = link; Should this be for any link? Or just the first redirect I have (login to home)? or leave my redirect as is and only use this for subsequent links? – Different Gravity Jul 22 '20 at 07:10
  • If you read below, I explain why `window.parent.parent.location = link` won't work at all and to use `postMessage`. Read the references first to get a better understanding. – TheMaster Jul 22 '20 at 07:11
  • My apologies, I didnt look properly - I will do some more research on how to implement postMessage and If can get it to work I will tag your response as answer – Different Gravity Jul 22 '20 at 07:14
  • Im still a little unclear on how to implement your suggested answer. I think Im close but its not there yet. Can you clarify a couple of things for me from the answer you suggested? The "Top Frame (#0)" snippet is the iframe for my wix site? And the "Sandboxed Html" snippet that is the new method I should use for any time I want to click a link and go to any subsequent URLs in my app? – Different Gravity Jul 22 '20 at 14:04
  • 1. Top frame is your site(Not a frame inside it). 2. Yes – TheMaster Jul 22 '20 at 14:33
  • Thanks @TheMaster - Another Question: In your snippet you have `https://[SCRIPT_ORIGIN]script.googleusercontent.com` - I have 2 questions about this - 1) is the script origin my wix domain? 2) If it is, should it be myWixDomain.com.script.googleusercontent.com (with a dot between origin and script) ? – Different Gravity Jul 22 '20 at 23:41
  • I GOT IT WORKING!!!!!!!!!!!! I went to the page source and found the [SCRIPT_ORIGIN] by searching for "script.googleusercontent.com" – Different Gravity Jul 23 '20 at 00:25
  • Glad to help..! – TheMaster Jul 23 '20 at 04:45

0 Answers0