// Serve HTML with no X-Frame-Options header (in Apps Script server-side code).constoutput=HtmlService.createHtmlOutput('<b>Hello, world!</b>');output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
[[["เข้าใจง่าย","easyToUnderstand","thumb-up"],["แก้ปัญหาของฉันได้","solvedMyProblem","thumb-up"],["อื่นๆ","otherUp","thumb-up"]],[["ไม่มีข้อมูลที่ฉันต้องการ","missingTheInformationINeed","thumb-down"],["ซับซ้อนเกินไป/มีหลายขั้นตอนมากเกินไป","tooComplicatedTooManySteps","thumb-down"],["ล้าสมัย","outOfDate","thumb-down"],["ปัญหาเกี่ยวกับการแปล","translationIssue","thumb-down"],["ตัวอย่าง/ปัญหาเกี่ยวกับโค้ด","samplesCodeIssue","thumb-down"],["อื่นๆ","otherDown","thumb-down"]],["อัปเดตล่าสุด 2025-07-26 UTC"],[[["\u003cp\u003e\u003ccode\u003eXFrameOptionsMode\u003c/code\u003e is used to control how a client-side Apps Script HTML service can be embedded in iframes by other websites.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eALLOWALL\u003c/code\u003e permits any website to embed the page in an iframe while \u003ccode\u003eDEFAULT\u003c/code\u003e preserves the standard security behavior.\u003c/p\u003e\n"],["\u003cp\u003eIf you select \u003ccode\u003eALLOWALL\u003c/code\u003e, ensure to incorporate your own security measures against clickjacking.\u003c/p\u003e\n"],["\u003cp\u003eBy default, if \u003ccode\u003eX-Frame-Options\u003c/code\u003e mode isn't specifically set, Apps Script automatically applies the \u003ccode\u003eDEFAULT\u003c/code\u003e mode.\u003c/p\u003e\n"]]],["`XFrameOptionsMode` is an enum for setting `X-Frame-Options` in client-side HtmlService scripts. Accessed via `HtmlService.XFrameOptionsMode`, it's set using `HtmlOutput.setXFrameOptionsMode(mode)`. `ALLOWALL` removes the `X-Frame-Options` header, enabling any site to iframe the page, necessitating developer-implemented clickjacking protection. `DEFAULT` is the default mode if no mode is specified. The example shows how to set the mode to `ALLOWALL`.\n"],null,[]]
