-1

I've been using Google Maps embedded within a site generated on script.google.com, using the HTML Service as follows: 

HtmlService.createTemplateFromFile('index.html');

This has been fantastic, I've produced a web app with an embedded map (see https://script.google.com/macros/s/AKfycbzFiIPsnNgDnz8pmykbyok1xwDdL85EEAwqohoSo9G1QasbWNk/exec). However, I am now warned that "getCurrentPosition and watchPosition usage in cross-origin iframes is deprecated and will be disabled in M63, around December 2017".

Trouble is, using HtmlService.createTemplateFromFile on script.google.com gives me no option (that I know of) to append allow="geolocation" to the iFrame (the HtmlService generates the iFrame automatically).This will cause the web app to fail in December.

Please advise what I should do to avoid issues!!!

Many thanks,

Sarah.

Sarah
  • 1
  • 3

1 Answers1

1

You may want to check these links: 1 and 2: Deprecating Permissions in Cross-Origin Iframes. In order for a cross-origin frame to use these features, the embedding page must specify a Feature Policy which enables the feature for the frame.

For example, to enable geolocation in an iframe, the embedder could specify the iframe tag as:

<iframe src="https://example.com" allow="geolocation"></iframe>

If you are a developer of a website which uses cross-origin iframes and you want those iframes to continue to be able to request/use one of the above features, the page that embeds the iframe will need to be changed. The simplest way to do that is to modify the tag to include an allow attribute which specifies the name of the permission. For example, to enable geolocation and mic/camera for an iframe, the following would be specified:

<iframe src="https://example.com" allow="geolocation; microphone; camera"></iframe>

Valid values for allow include:

  • geolocation
  • microphone
  • camera
  • midi
  • encrypted-media

Note that if the iframe which is using the permission has the same origin as the top level page, then no changes have to be made.

Hope this helps!

abielita
  • 13,147
  • 2
  • 17
  • 59
  • Thank you for your detailed response Abielita! That does seem to be on the right track. Unfortunately my issue is that I am not creating the iFrame myself - it is generated automatically by script.google.com. I would guess I need to instruct the script.google service to somehow incorporate allow="geolocation" into the iFrame when it is generated, but am unsure how this could be done. I do know that you can use ".setXFrameOptionsMode" to adjust permissions for cross-origin iframes, but this only allows embedding and not geolocation... – Sarah Oct 31 '17 at 21:49