iframe 中的谷歌应用脚本和选择器
[英]google apps script & picker in iframe
问题描述
The problem with displaying google picker in apps script when placing the script in a iframe of another web site.
将脚本放置在另一个网站的 iframe 中时,在应用程序脚本中显示谷歌选择器的问题。 When you call the picker, a white square is displayed.当您调用选取器时,会显示一个白色方块。
Not in the frame of another web site, the picker works fine.不在另一个网站的框架中,选择器工作正常。
HtmlService google apps script HtmlService 谷歌应用脚本
function doGet() {
return HtmlService.createTemplateFromFile('form.html')
.evaluate()
.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);}
The picker is based on this documentation -选择器基于此文档 -
https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs
I decided to try a demo premium script File Upload Form.我决定尝试一个演示高级脚本文件上传表单。
https://ctrlq.org/code/19747-google-forms-upload-files
Will insert the script into the frame, but the result was similar - an empty white square.将脚本插入框架,但结果是相似的 - 一个空的白色方块。
https://script.google.com/macros/s/AKfycbxlX3r_dt_ZLZC9TqloaqtdextROJoIH9mUDu3MWOiXtI6ADhqb/exec
Example例子
http://jsfiddle.net/qqq7df51/ http://jsfiddle.net/qqq7df51/
Whether it is possible to solve this problem.是否可以解决这个问题。
3 个解决方案
解决方案1
0 2017-06-17 12:20:10
As mentioned in Enum XFrameOptionsMode , 如Enum XFrameOptionsMode中所述 ,
Setting
XFrameOptionsMode.ALLOWALLwill let any site iframe the page, so the developer should implement their own protection against clickjacking.XFrameOptionsMode.ALLOWALL将使任何网站XFrameOptionsMode.ALLOWALL对页面进行XFrameOptionsMode.ALLOWALL,因此开发人员应实施自己的保护措施,以防止点击劫持。
With this, you may want to check implementation of protection against clickjacking. 这样,您可能要检查防止点击劫持的实现。 Try to add the X-Frame-Options HTTP Response header to any page that you want to protect from being clickjacked via framebusting. 尝试将“ X-Frame-Options HTTP响应”标头添加到您要保护的任何页面上,以免通过framebusting被劫持。
For more information, visit Clickjacking Defense Cheat Sheet . 有关更多信息,请访问Clickjacking防御备忘单 。
解决方案2
0 2021-10-18 05:28:28
I know that this is an old post, but it was the closest that met the search for the white-blank picker issue when the Google Picker is called from a Google Apps Script web app with the error.我知道这是一篇旧帖子,但是当从 Google Apps Script Web 应用程序调用 Google Picker 并出现错误时,它是最接近搜索白空白选择器问题的帖子。
Incorrect origin value. Please set it to - (window.location.protocol + '//' + window.location.host) of the top-most page
The suggestion in the error log didn't work for me, but I found a clue here .错误日志中的建议对我不起作用,但我在这里找到了线索。
My solution was to set the Picker site origin to the site that my iFrame was in.我的解决方案是将 Picker 站点原点设置为 iFrame 所在的站点。
For example, if I embedded my web app in 'https://www.example.com' then my picker method would be:例如,如果我将我的网络应用程序嵌入到“https://www.example.com”中,那么我的选择器方法将是:
.setOrigin("https://www.example.com")
An example of the full constructor might look like this:完整构造函数的示例可能如下所示:
//Builds the picker
const picker = new google.picker.PickerBuilder()
.enableFeature(google.picker.Feature.SUPPORT_TEAM_DRIVES)
.setOAuthToken(config.oauthToken)
.addView(view)
.setDeveloperKey(config.developerKey)
// .setOrigin(google.script.host.origin) // Don't use this.
.setOrigin("https://www.example.com") // Add your base URL here.
.setSize(DIALOG_DIMENSIONS.width,
DIALOG_DIMENSIONS.height)
.setCallback(pickerCallback)
.build()
解决方案3
0 2022-01-20 15:20:02
If you intend to use Web App project as standalone and as embedded version at the same time, the same file picker will require different origin urls.如果您打算同时将 Web App 项目用作独立版本和嵌入式版本,则相同的文件选择器将需要不同的源 url。 To avoid hard-coding and chaning urls, I just get the right one from ancestorOrigins .为避免硬编码和更改 url,我只从ancestorOrigins中获取正确的 URL。 It's the last one in array.它是数组中的最后一个。
var url = window.location.ancestorOrigins[window.location.ancestorOrigins.length-1];
new google.picker.PickerBuilder().setOrigin(url);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.