An enum representing the X-Frame-Options modes that can be used for client-side HtmlService scripts. These values can be accessed from HtmlService.XFrameOptionsMode,
and set by calling HtmlOutput.setXFrameOptionsMode(mode).
To call an enum, you call its parent class, name, and property. For example,
HtmlService.XFrameOptionsMode.ALLOWALL.
Setting XFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developer
should implement their own protection against clickjacking.
If a script does not set an X-Frame-Options mode, Apps Script uses DEFAULT
mode as the default.
// Serve HTML with no X-Frame-Options header (in Apps Script server-side code).
var output = HtmlService.createHtmlOutput('<b>Hello, world!</b>');
output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
Properties
| Property | Type | Description |
|---|---|---|
ALLOWALL | Enum | No X-Frame-Options header will be set. This will let any site iframe the page, so the
developer should implement their own protection against clickjacking. |
DEFAULT | Enum | Sets the default value for the X-Frame-Options header, which preserves normal security
assumptions. If a script does not set an X-Frame-Options mode, Apps Script uses this
mode as the default. |