Enum XFrameOptionsMode

XFrameOptionsMode

An enum representing the X-Frame-Options modes that can be used for client-side HtmlService scripts. These values can be accessed from HtmlService.XFrameOptionsMode, and set by calling HtmlOutput.setXFrameOptionsMode(mode).

To call an enum, you call its parent class, name, and property. For example, HtmlService.XFrameOptionsMode.ALLOWALL.

Setting XFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developer should implement their own protection against clickjacking.

If a script does not set an X-Frame-Options mode, Apps Script uses DEFAULT mode as the default.

// Serve HTML with no X-Frame-Options header (in Apps Script server-side code).
const output = HtmlService.createHtmlOutput('<b>Hello, world!</b>');
output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);

Properties

PropertyTypeDescription
ALLOWALLEnumNo X-Frame-Options header will be set. This will let any site iframe the page, so the developer should implement their own protection against clickjacking.
DEFAULTEnumSets the default value for the X-Frame-Options header, which preserves normal security assumptions. If a script does not set an X-Frame-Options mode, Apps Script uses this mode as the default.