[英]Open an URL with Javascript from a web app
I have this code in my html javascript: window.location.assign('https://script.google.com/a/macros/smapostols.org/s/AKfycbz2BP0c6D7fdDDJUlRHcsCvNKoMuHW1_tN_wVy5iFs/dev?p=ok');
I have this code in my html javascript:
window.location.assign('https://script.google.com/a/macros/smapostols.org/s/AKfycbz2BP0c6D7fdDDJUlRHcsCvNKoMuHW1_tN_wVy5iFs/dev?p=ok');
and it doesn't work, error: The page script.google.com refused connection
.它不起作用,错误:
The page script.google.com refused connection
。
This works fine with another URL (ie http://www.google.com
) and also works fine with: window.open('https://script.google.com/a/macros/smapostols.org/s/AKfycbz2BP0c6D7fdDDJUlRHcsCvNKoMuHW1_tN_wVy5iFs/dev?p=ok');
This works fine with another URL (ie
http://www.google.com
) and also works fine with: window.open('https://script.google.com/a/macros/smapostols.org/s/AKfycbz2BP0c6D7fdDDJUlRHcsCvNKoMuHW1_tN_wVy5iFs/dev?p=ok');
Does anybody know the problem?有人知道问题吗?
Try setting the XFrameOptionsMode
to ALLOWALL
when serving your HTML.在为您的 HTML 提供服务时,尝试将
XFrameOptionsMode
设置为ALLOWALL
。
As per the developer documentation on XFrameOptionsMode
:根据
XFrameOptionsMode
上的开发人员文档:
An enum representing the
X-Frame-Options
modes that can be used for client-sideHtmlService
scripts.表示可用于客户端
HtmlService
脚本的X-Frame-Options
模式的枚举。 ... Setting `XFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developer should implement their own protection against clickjacking.... 设置 `XFrameOptionsMode.ALLOWALL 将允许任何站点 iframe 页面,因此开发人员应实施自己的保护措施以防止点击劫持。
Properties
特性
Property 财产
Type 类型
Description 描述
ALLOWALL
Enum
No X-Frame-Options
header will be set.不会设置
X-Frame-Options
header。 This will let any site iframe the page, so the developer should implement their own protection against clickjacking.这将让任何站点 iframe 页面,因此开发人员应该实施自己的保护措施以防止点击劫持。
DEFAULT
Enum
Sets the default value for the X-Frame-Options
header, which preserves normal security assumptions.设置
X-Frame-Options
header 的默认值,它保留了正常的安全假设。 If a script does not set anX-Frame-Options
mode, Apps Script uses this mode as the default.如果脚本未设置
X-Frame-Options
模式,Apps 脚本将使用此模式作为默认模式。
function doGet() {
return HtmlService.createHtmlOutputFromFile('filename')
.setSandboxMode(HtmlService.SandboxMode.IFRAME)
.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.