如何从跨源站点中的谷歌应用程序脚本 webapp 访问相机？

Question

I have a iframe on my page. The iframe src is a google webapp with src="https://script.google.com/macros/s/.......".

That page is a form and it works with camera and geolocalisation. My problem is, when I directly access the form without framing, it works perfectly, but when I frame the apps script web app, the form works but camera and geo doesn't.

I mean: if I use https://script.google.com/macros/s/... . the form works perfect, but if I use iframe on my web page, the camera and geo no work! <iframe src="https://script.google.com/macros/s/......."></iframe> I tried adding allow="camera; microphone and another attributes but still no work it.

How can I solve that?

here my link iframe: iframe allow="camera *; microphone *" src="https://script.google.com/macros/s/AKfycbzsaOlh4Gp2EJmdyQ9cvkYmezTCsg_9wd6ILjdwTe6MRgNBDitcE5Hijr2sNeBknMvp/exec" width="750" height="1100" frameborder="0" marginheight="0" marginwidth="0" id="cultos" name="cultos">/iframe

link script https://script.google.com/macros/s/AKfycbzsaOlh4Gp2EJmdyQ9cvkYmezTCsg_9wd6ILjdwTe6MRgNBDitcE5Hijr2sNeBknMvp/exec note: link script work 100% but on iframe no work camera and geolocalitation

Answer 1

Since Google apps script web app is a nested iframe with different origins , you might need to add a specific allowlist along with allow . . This is because the default allow 's allowlist defaults to src . Thus it won't allow nested cross origin iframes. Try

<iframe src="https://script.google.com/macros/s/......." 
        allow="camera https://[SCRIPT_ID].googleusercontent.com"></iframe>

Here, SCRIPT_ID can be found by examining the "#1 Outer sandbox iframe" html structure according to the structure here . Alternatively and less securely, you can allow all origins using * ,

<iframe src="https://script.google.com/macros/s/......." 
        allow="camera *"></iframe>