Is there any way a private/protected google docs/sheets be embedded in an iframe. ?
A publicly published document can be embedded.
Also a private document can be embedded but the google login page cannot be open in an iframe.
X-Frame-Options deny is being thrown in the console.
Refused to display 'https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/document/d/1v6j-12D0HXzsmp5zITfQ48pylIRwvhywFMfKC3cYKLo/edit?embedded%3Dtrue&followup=https://docs.google.com/document/d/1v6j-12D0HXzsmp5zITfQ48pylIRwvhywFMfKC3cYKLo/edit?embedded%3Dtrue<mpl=docs' in a frame because it set 'X-Frame-Options' to 'deny'.
Best Regards,
Saurav
By Publish to the web you do not share the file publicly. I mean, the link to the file will remain private (restricted) unless you change it. Also, when Publish to the web, there is an option to restrict access within your domain called Restrict access to the following.
Related
For example:
Electron main entry is file://main.html
Nested iframe entry is file://sub.html
In file://sub.html context can access window.top context of main.html, I know the reason is for the Same-origin-policy file://.
Is there any solution to forbidden access window.top under the same file:// protocol?
window.top.location.href is accessible to assign from inside iframe independently SOP. If you wish to restrict that behaviour, use <iframe sandbox="..allow_flags.." and allow what you need except allow-top-navigation flag.
Alternatively you can use sanbox directive of Content Security Policy. It supports the same flags, but will affect not only iframes, but the page published it itself.
I am learning web allowed objects in the universal application. Previously I am using script notify to know any action on the content in my web view, where i specified the URL of my web view content in the app manifest file. Now I am trying to switch it from script notify to web allowed object. But without specifying any URL in the app manifest it is working as expected. Is is the behavior of the web allowed object or something I missed?
According to Accessing the Windows Runtime in a web view section of WebView class:
You can use the AddWebAllowedObject method to inject an instance of a native class from a Windows Runtime component into the JavaScript context of the WebView. This allows full access to the native methods, properties, and events of that object in the JavaScript content of that WebView.
So that you may not need to specify URL to make it work with accessing the native methods in Runtime component, but ensure to decorate the class with the AllowForWeb attribute.
Specifying any URL you mentioned in the app manifest is for addition features that trusted JavaScript content in WebView can be allowed to directly access Windows RuntimeAPI. This provides powerful native capabilities for web apps hosted in a web view. For more details about this feature please reference Accessing UWP features.
I am using Delphi & the DCEF (Delphi Chromium Embedded Framework) to load a local HTML file into a browser embedded within a form. The HTML file is trying to display a Google Map & has the line -
<script type="text/javascript" src="https://maps.google.com/maps/api/js?sensor=true&v=3.6&client=gme-{mycompanyid}"></script>
but the problem is that the URL sent as the referer to Google APIs is
HTTP://127.0.0.1/mypage.html
We have already authorised our website URLs for our Business Client ID, and we want to use the same Business Client ID for this desktop application.
My question is - how can I get the calls to Google API to use a different referer ? I think its not possible.
Decided not to persue this, a locally hosted HTML file is really a security risk. We are still using the embedded DCEF browser in a Delphi form, but host the HTML file on our corporate webserver. That way the Google API is happy with the referring URL for map requests.
Thank you to all those who replied.
My ASP.Net MVC app is an intranet app, and in the HTML, I put an anchor link to PDF files that are stored on our network. Chrome does not open these files in the browser if you click on the link, however if you copy the link off the webpage and make a new tab, paste the link in, it will open.
Now, both the app and the files are on the same domain so how can I get PDF to open automatically in a new tab? I have looked at the various Chrome extensions, but they don't seem to work. There must be a way to get local/network based files to open in your intranet using Chrome, please don't say I have to resort to awful Internet Explorer!
Any help much appreciated.
Have you tried to use HTML iframe tag to display the PDF?
Example:
<iframe id="frameID" style="border:1px solid #666CCC" title="PDF in an i-Frame" src="PDFData.pdf" frameborder="1" scrolling="auto" height="1100" width="850" ></iframe>
Out of date for you, but I recently solved this problem on an apache2 server on ubuntu. I believe it's a matter of security from the client browser- so that a webpage can't open client files maliciously
What solution was
mount the network share drive on my web server
html point to pdf inside the mounted drive
(Optional on Apache) use a .htaccess rule to prevent folder indexing (listing all files/folder)
therefore the webpage was opening its own file, not the clients; so firefox/chrome/et al will allow this to happen
The fix should be in your mvc project . Just make sure the action returns FileStreamResult . example:
return new FileStreamResult(new FileStream(filePath, FileMode.Open), MimeMapping.GetMimeMapping(filePath));
I need to create a few urls which for my gwt application. e.g currently login screen is
http://127.0.0.1:8888/abc.html?gwt.codesvr=127.0.0.1:9997
http://example.com/abc.html?gwt.codesvr=127.0.0.1:9997
i want to change it to
http://127.0.0.1:8888/accounts
http://example.com/accounts
so when user directly open this link
I have developed this applicatoin in gwt with jdbc
looking forward to your reply
I suggest you take a look at how GWT handles History. You can save states of your application by using History tokens(For ex: ../modulename#user1, ../modulename#user2) and by parsing these tokens you can direct your user to appropriate section of your application. Since GWT applications run on a single html page I beleive this would be the correct approach to implement your functionality. Last but not least these states are bookmarkable and supports browsers back button as well.
By the way about changing the Url, ?gwt.codesvr=127.0.0.1:9997 is added to the url in development mode and will not appear in production mode when you compile deploy your application.
Just create a subfolder named accounts and move the index.html file there. The webserver should not automatically serve the index.html file, when someone requests to see the folder.
You can create the history and add the token in them:
private static final String abc = "account";
History.newItem(abc ,true);