Embed site in Google Apps Script, and embed script on site

Posted February 10, 20214 yr

I'd like to embed a page from the website (namely chatbox) into a google apps script, and then embed the google script onto my site.

There are a couple problems I'm running into.

1st in the sites admin cp, when I allow embedding on a specific offsite domain (*.script.google.com) it won't allow me to embed chatbox.
However if I select the 3rd radio option "allow embedding in all offsite domains", which is not recommended, it allows it.
So that's problem 1.

2nd I'm having trouble getting my site to allow the google script to be embedded on it anywhere at all.

I was hoping that embedding the google script in an iframe (the script itself having my site in an iframe within it) would allow that chatbox iframe in the google script to recognize the top hosting domain as my site, and thereby allow it to embed in the google script. But I can't even get the google script to embed to see if that would work, though somehow I doubt it will.

Any direction on this would be greatly appreciated :)

Desired iframe layout of end product:

_____________________________
| MY SITE |
| _______________________ |
| | GOOGLE SCRIPT | |
| | ________________ | |
| | | CHATBOX | | |
| | | | | |
| | |________________| | |
| |______________________| |
|____________________________|

Edited February 10, 20214 yr by Aramaech

February 11, 20214 yr

You will need to allow whatever domain chatbox and Google are being served from if you are using a content security policy.

February 12, 20214 yr

Author

Chatbox is being served from my site, google is being served from google.
What do you mean by allow it? Like this?
admin cp -> advanced configuration -> Allow community to be embedded in an iframe -> content security policy: default-src *; frame-ancestors 'self' *.google.com

That's one setting I tried. For the content security policy I also tried

default-src *; frame-ancestors 'self' *.script.google.com