0

I need to parse query param from my google site and display it in an iframe. I'm using Google Script for that:

  1. My script.gs and index.html:

function doGet(e) {
  var template = HtmlService.createTemplateFromFile('Index');
  var test = e.parameter.test;

  template.test = test; 
  console.log(test);
  // Build and return HTML in IFRAME sandbox mode.
  return template.evaluate().setTitle("KPIs")
      .setSandboxMode(HtmlService.SandboxMode.IFRAME)
      .setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
}
<!DOCTYPE html>
<html>
  <head>
    <base target="_top">
    <script>
    var test = document.getElementById('test').innerHTML;
    if (test=="undefined") {
        var test = "DEFAULT";
    }
    </script>
  </head>
  <body>
    <div id="test"><?=test?></div>
  </body>
</html>
  1. After deploy, I got a script link, and if I go to https://script.google.com/macros/s/AKfycbyQJfFcT89GEboMnD_a3WWfS3OPEFeabSdfft7I2X4uFfqRYgQ/exec?test=12345 it works as expected.But when I'm trying put it as embed code I got this error:

Refused to display 'https://....' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

Rubén
  • 34,714
  • 9
  • 70
  • 166
user137
  • 629
  • 1
  • 8
  • 20
  • 2
    What is the embedded code? Which site-new or old? Have you tried republishing a "new" version? – TheMaster Aug 27 '20 at 13:59
  • 1
    New google sites. – user137 Aug 27 '20 at 14:13
  • `Refused to display 'https://....' ` [edit] to show the format of `...` in url – TheMaster Aug 27 '20 at 15:17
  • just visit google script link from my first post, this is the same – user137 Aug 27 '20 at 15:29
  • Your link isn't published for anonymous access. There are [plenty of frames inside the published url](https://stackoverflow.com/questions/63551837/). Check which frame of those throws a error or if it is redirected to Google login page(due to access errors), then `https://...` would be `https://accounts.google.com` – TheMaster Aug 27 '20 at 15:42
  • Refused to display 'https://script.googleusercontent.com/macros/echo?user_content_key=uClcXRy84zk8fdiTdAJJmu_OAnaZ-uL8Kgwh7MeMR7SGMlcTiBA_K9fcM5uq_bqUVV66ySRwTsW35o7pIds1QOrXXhIMs46Km5_BxDlH2jW0nuo2oDemN9CCS2h10ox_1xSncGQajx_ryfhECjZEnJMPFjEmr4Umtqwu_el23HD1T6Zwq6b9GJ0kCul4yufiEYZmvWY1Q5mEaZPcfIZNk_KfVnhjI6Uu&lib=Md1lK6dak7Hlnxptl0M5MLknwysBi2UA3' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'". – user137 Aug 27 '20 at 15:50
  • No repro. Works as intended here. – TheMaster Aug 27 '20 at 16:38
  • 1
    Make sure to publish using " Anyone even anonymous" or be logged in, when visiting the page, when published using "Anyone" – TheMaster Aug 29 '20 at 02:04

0 Answers0