To call an enum, you call its parent class, name, and property. For example,
HtmlService.XFrameOptionsMode.ALLOWALL.
Setting XFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developer
should implement their own protection against clickjacking.
If a script does not set an X-Frame-Options mode, Apps Script uses DEFAULT
mode as the default.
// Serve HTML with no X-Frame-Options header (in Apps Script server-side code).
const output = HtmlService.createHtmlOutput('<b>Hello, world!</b>');
output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
Properties
Property
Type
Description
ALLOWALL
Enum
No X-Frame-Options header will be set. This will let any site iframe the page, so the
developer should implement their own protection against clickjacking.
DEFAULT
Enum
Sets the default value for the X-Frame-Options header, which preserves normal security
assumptions. If a script does not set an X-Frame-Options mode, Apps Script uses this
mode as the default.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-11-26 UTC."],[[["`XFrameOptionsMode` is used to control how a client-side Apps Script HTML service can be embedded in iframes by other websites."],["`ALLOWALL` permits any website to embed the page in an iframe while `DEFAULT` preserves the standard security behavior."],["If you select `ALLOWALL`, ensure to incorporate your own security measures against clickjacking."],["By default, if `X-Frame-Options` mode isn't specifically set, Apps Script automatically applies the `DEFAULT` mode."]]],[]]