An enum representing the X-Frame-Options
modes that can be used for client-side Html
scripts. These values can be accessed from Html
,
and set by calling Html
.
To call an enum, you call its parent class, name, and property. For example,
HtmlService.XFrameOptionsMode.ALLOWALL
.
Setting XFrameOptionsMode.ALLOWALL
will let any site iframe the page, so the developer
should implement their own protection against clickjacking.
If a script does not set an X-Frame-Options
mode, Apps Script uses DEFAULT
mode as the default.
// Serve HTML with no X-Frame-Options header (in Apps Script server-side code). const output = HtmlService.createHtmlOutput('<b>Hello, world!</b>'); output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
Properties
Property | Type | Description |
---|---|---|
ALLOWALL | Enum | No X-Frame-Options header will be set. This will let any site iframe the page, so the
developer should implement their own protection against clickjacking. |
DEFAULT | Enum | Sets the default value for the X-Frame-Options header, which preserves normal security
assumptions. If a script does not set an X-Frame-Options mode, Apps Script uses this
mode as the default. |