How to access camera from google apps script webapp framed in a cross origin site?

Question

I have a iframe on my page. The iframe src is a google webapp with src="https://script.google.com/macros/s/.......".

That page is a form and it works with camera and geolocalisation. My problem is, when I directly access the form without framing, it works perfectly, but when I frame the apps script web app, the form works but camera and geo doesn't.

I mean: if I use https://script.google.com/macros/s/.... the form works perfect! but if I use iframe on my web page, the camera and geo no work! <iframe src="https://script.google.com/macros/s/......."></iframe> I tried adding allow="camera; microphone and another attributes but still no work it.

How can I solve that?

here my link iframe: iframe allow="camera *; microphone *" src="https://script.google.com/macros/s/AKfycbzsaOlh4Gp2EJmdyQ9cvkYmezTCsg_9wd6ILjdwTe6MRgNBDitcE5Hijr2sNeBknMvp/exec" width="750" height="1100" frameborder="0" marginheight="0" marginwidth="0" id="cultos" name="cultos">/iframe

link script https://script.google.com/macros/s/AKfycbzsaOlh4Gp2EJmdyQ9cvkYmezTCsg_9wd6ILjdwTe6MRgNBDitcE5Hijr2sNeBknMvp/exec note: link script work 100% but on iframe no work camera and geolocalitation

the form work pefect on url script and iframe, but camera and geo no work on iframe — Asamblea Cristiana, Oct 05 '21 at 21:05
i have this errors Access to XMLHttpRequest at 'https://script.google.com/wardeninit?_reqid=80444&rt=j' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. — Asamblea Cristiana, Oct 06 '21 at 01:23
and this 1453801117-warden_bin_i18n_warden__es.js:157 POST https://script.google.com/wardeninit?_reqid=80444&rt=j net::ERR_FAILED — Asamblea Cristiana, Oct 06 '21 at 01:24
and this GET https://doc-0g-4s-docs.googleusercontent.com/docs/securesc/ri901ootvh9vqrdlem0ab6clgjrlk8sb/va4tnln0iirune7rrd7g37tt5paedksc/1633478475000/14314017474793383625/14314017474793383625/13Fg8mnNtiwN_98G6e3seAIkHQH1MaA7-?e=download&authuser=0 403 — Asamblea Cristiana, Oct 06 '21 at 01:25

score 2 · Answer 1 · answered Oct 05 '21 at 21:58

2

Since Google apps script web app is a nested iframe with different origins, you might need to add a specific allowlist along with allow.. This is because the default allow's allowlist defaults to src. Thus it won't allow nested cross origin iframes. Try

<iframe src="https://script.google.com/macros/s/......." 
        allow="camera https://[SCRIPT_ID].googleusercontent.com"></iframe>

Here, SCRIPT_ID can be found by examining the "#1 Outer sandbox iframe" html structure according to the structure here. Alternatively and less securely, you can allow all origins using *,

<iframe src="https://script.google.com/macros/s/......." 
        allow="camera *"></iframe>

answered Oct 05 '21 at 21:58

TheMaster

45,448
6
62
85

thx ill test it, – Asamblea Cristiana Oct 05 '21 at 23:28
@AsambleaCristiana Did it work? adding a ``*``work?(``allow="camera *"``) – TheMaster Oct 06 '21 at 12:43
nope, here my link if u can help me! thx for ever!, https://asambleacristianamendoza.com/index.php/inscripciones-maipu/ here is embeb code AND this my link to apps https://script.google.com/macros/s/AKfycbzsaOlh4Gp2EJmdyQ9cvkYmezTCsg_9wd6ILjdwTe6MRgNBDitcE5Hijr2sNeBknMvp/exec – Asamblea Cristiana Oct 06 '21 at 13:11
if u use url link work 100%!, but if u use throught iframe no work camera and geolocalitation – Asamblea Cristiana Oct 06 '21 at 13:14
@AsambleaCristiana Is this in chrome? – TheMaster Oct 06 '21 at 13:26
yes ... but on my mobile phone it doesn't work either – Asamblea Cristiana Oct 06 '21 at 14:04
try u to fill form in both and tell me, ill check it – Asamblea Cristiana Oct 06 '21 at 14:04

How to access camera from google apps script webapp framed in a cross origin site?

1 Answers1