// Serve HTML with no X-Frame-Options header (in Apps Script server-side code).constoutput=HtmlService.createHtmlOutput('<b>Hello, world!</b>');output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["必要な情報がない","missingTheInformationINeed","thumb-down"],["複雑すぎる / 手順が多すぎる","tooComplicatedTooManySteps","thumb-down"],["最新ではない","outOfDate","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["サンプル / コードに問題がある","samplesCodeIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-07-26 UTC。"],[[["\u003cp\u003e\u003ccode\u003eXFrameOptionsMode\u003c/code\u003e is used to control how a client-side Apps Script HTML service can be embedded in iframes by other websites.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eALLOWALL\u003c/code\u003e permits any website to embed the page in an iframe while \u003ccode\u003eDEFAULT\u003c/code\u003e preserves the standard security behavior.\u003c/p\u003e\n"],["\u003cp\u003eIf you select \u003ccode\u003eALLOWALL\u003c/code\u003e, ensure to incorporate your own security measures against clickjacking.\u003c/p\u003e\n"],["\u003cp\u003eBy default, if \u003ccode\u003eX-Frame-Options\u003c/code\u003e mode isn't specifically set, Apps Script automatically applies the \u003ccode\u003eDEFAULT\u003c/code\u003e mode.\u003c/p\u003e\n"]]],["`XFrameOptionsMode` is an enum for setting `X-Frame-Options` in client-side HtmlService scripts. Accessed via `HtmlService.XFrameOptionsMode`, it's set using `HtmlOutput.setXFrameOptionsMode(mode)`. `ALLOWALL` removes the `X-Frame-Options` header, enabling any site to iframe the page, necessitating developer-implemented clickjacking protection. `DEFAULT` is the default mode if no mode is specified. The example shows how to set the mode to `ALLOWALL`.\n"],null,[]]
