AramaechFebruary 10, 2021 in Technical Problems
I'd like to embed a page from the website (namely chatbox) into a google apps script, and then embed the google script onto my site.
There are a couple problems I'm running into.
1st in the sites admin cp, when I allow embedding on a specific offsite domain (*.script.google.com) it won't allow me to embed chatbox.
However if I select the 3rd radio option "allow embedding in all offsite domains", which is not recommended, it allows it.
So that's problem 1.
2nd I'm having trouble getting my site to allow the google script to be embedded on it anywhere at all.
I was hoping that embedding the google script in an iframe (the script itself having my site in an iframe within it) would allow that chatbox iframe in the google script to recognize the top hosting domain as my site, and thereby allow it to embed in the google script. But I can't even get the google script to embed to see if that would work, though somehow I doubt it will.
Any direction on this would be greatly appreciated :)
Desired iframe layout of end product:
| MY SITE |
| _______________________ |
| | GOOGLE SCRIPT | |
| | ________________ | |
| | | CHATBOX | | |
| | | | | |
| | |________________| | |
| |______________________| |
You will need to allow whatever domain chatbox and Google are being served from if you are using a content security policy.
Chatbox is being served from my site, google is being served from google.
What do you mean by allow it? Like this?admin cp -> advanced configuration -> Allow community to be embedded in an iframe -> content security policy: default-src *; frame-ancestors 'self' *.google.com
That's one setting I tried. For the content security policy I also tried
default-src *; frame-ancestors 'self' *.script.google.com
Is this a self hosted site?
If so, what content security policy is your web server sending if any?
I use zFast for hosting, I don't host it myself.
I do use SSL through Lets Encrypt, and Cloudflare as a CDN, which also includes its own end to end encryption, so that could also be a factor.
You'll need to sort out with Cloudflare how to set the correct security policy.
Edit: https://support.cloudflare.com/hc/en-us/articles/216537517-Using-Content-Security-Policy-CSP-with-Cloudflare#:~:text=Cloudflare doesn't require changes,locations specified in your CSP.
You'll need to make sure the CSP headers are correct for your site. Looks like Cloudflare simply observes whatever your webserver sends.
Started October 3, 2017
Started 13 hours ago
Started February 9, 2021