This question already has an answer here:
getCurrentPosition deprecated on Google Apps iFrame?
(1 answer)
Closed 5 years ago.
I've been using Google Maps embedded within a site generated on script.google.com, using the HTML Service as follows:
HtmlService.createTemplateFromFile('index.html');
This has been fantastic, I've produced a web app with an embedded map (see https://script.google.com/macros/s/AKfycbzFiIPsnNgDnz8pmykbyok1xwDdL85EEAwqohoSo9G1QasbWNk/exec).
However, I am now warned that "getCurrentPosition and watchPosition usage in cross-origin iframes is deprecated and will be disabled in M63, around December 2017".
Trouble is, using HtmlService.createTemplateFromFile on script.google.com gives me no option (that I know of) to append allow="geolocation" to the iFrame (the HtmlService generates the iFrame automatically).This will cause the web app to fail in December.
Please advise what I should do to avoid issues!!!
Many thanks,
Sarah.
You may want to check these links: 1 and 2: Deprecating Permissions in Cross-Origin Iframes. In order for a cross-origin frame to use these features, the embedding page must specify a Feature Policy which enables the feature for the frame.
For example, to enable geolocation in an iframe, the embedder could specify the iframe tag as:
<iframe src="https://example.com" allow="geolocation"></iframe>
If you are a developer of a website which uses cross-origin iframes
and you want those iframes to continue to be able to request/use one
of the above features, the page that embeds the iframe will need to be
changed. The simplest way to do that is to modify the tag to
include an allow attribute which specifies the name of the permission.
For example, to enable geolocation and mic/camera for an iframe, the
following would be specified:
<iframe src="https://example.com" allow="geolocation; microphone; camera"></iframe>
Valid values for allow include:
geolocation
microphone
camera
midi
encrypted-media
Note that if the iframe which is using the permission has the same
origin as the top level page, then no changes have to be made.
Hope this helps!
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 12 months ago.
Improve this question
I am wondering how to deal with multiple installation of Google Tag Manager and how to work with another Tags.
So I am kinda new in this topic and need some guidance on beggining. I am using Google Tag Assistant Legacy extension to check if everything works correctly. On home page when I check extension it shows 5 tags:
Global site tag (gtag.js)
Google Ads Remarketing Tag
Google Analytics
Google Tag Manager
Google Tag Manager (with the same ID as in previous).
Extension shows "Multiple installation of Google Tag Manager detected" error.
I have been reading about soulution on the Internet and so far I checked developer tools -> Network -> write down "gtm.js" in search bar and reload page and only one record shows in the window. But page on which I am working regarding to my knowledge is not a single page application as some poeple says. So is "Multiple installation" real error or should I just ignore it? And how to check if this might cause any problem.
And I have question also to other tags. To be sure if I think correct - Global site Tag should be deleted? I don't know why should I have this one if I have GTM? I want to have all tags implemented via GTM. Also Google Ads Remarketing Tags should be deleted because I have this Tag already in GTM. Am I right?
How can I check whether some data are sending doubled? And I have another problem - this set is for home page and some other subpage but I have also pages that contains (by Google Tag Assistant Legacy) this Tags:
Global site tag (gtag.js)
Global site tag (grag.js) (but with different ID then the first one)
Google Ads Remarketing Tag
Google Analaytics
Google Tag Manager
So the question is why now I have only 1 Google Tag Manager by two different Global site tag. I have not idea how could I tidy it up so any suggestion will be much welcomed.
Don't rely on the extension. Open your Dev tools, inspect your Network requests and Elements tab. See if GTM indeed is being fetched twice.
You don't need explicitly declared gtag if you use GTM.
The rest of the tags may be populated with GTM. you may want to use the request blocking feature to block GTM and see how many of the tags still remain in the DOM.
For further analytics debugging use Adswerve's plugin. You may as well consider Observe Point or a similar extension if the Network tab is too intimidating.
We have a website with iframe.
In this website, some iFrames display dynamic questionnaires which coming from our different server.
We have declared both properties in Google Analytics (GA). (Main site and site retrieved through iFrames).
The sessions seem to be detected but NONE of the properties let us see the analytics page (with the % on each fields, heat maps and so on) in GA itself.
We can see analytics page (part of behavior menu) on the main site thanks to the GA Chrome extension.
We are looking for a way to detect the users behavior in the questionnaires contained in the iFrames.
Look into the documentation for cross domain tracking with iFrames. It does not exactly cover your requirements (since you seem to use different properties for host page and framed page) but it is a good example for the postmessage interface that allows cross-domain communication in frames (as long as you control both pages). So you can use postmessage to send data from the framed form to the host page and set up a listener there that sends data to GA every time the listener is invoked (the linked docs have a code example, so I won't repeat that here).
I'm building a similar solution to twitter's widget.
I was wondering if there is any way to allow others to change the style of the content within my iframe?
I know the same-origin policy exists, however I wonder if there is any header notice that I could emit with the iframe content to allow browsers ignoring the policy?
What about solution, when link to CSS file will be passed through URL parameter or (better solution in my opinion), create URL parameter for every customizable item like this?
?bgcolor=000000&fontcolor=ffffff
To your question about ignoring SOP, look at Cross-origin resource sharing:
HTTP access control (CORS)
Cross-Origin Resource Sharing
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've wanted to apply google analytics on my music page at www.soundclick.com/bands/default.cfm?bandid=976533
But I am unable to use that URL as my default on analytics because it contains a query.
I have a Domain URL at www.SilentNoizeMusic.com that forwards to the above address, but I'm questioning if using the www.SilentNoizeMusic.com url as my default on Analytics will actually track the stats for the real site.
Are my suspicions correct?
If so, is there any sort of workaround, like a modification to the original URL that could bypass the query error but still direct to the same page to be tracked?
(as a side note, I'm not sure how relevant it would be to any potential answers, but the music hosting site I'm using does not allow javascript, which is what initially prevented my from using analytics since I couldn't paste the tracking code. I have found a workaround that I want to test out, but I just need to fix the above problem in order to do so.)
Thanks
If you are using domain forwarding provided by your DNS server, then no, Google Analytics won't be able to track stats of visitors who reach your soundclick.com page via your SilentNoizeMusic.com URL.
Some DNS providers offer a "domain cloaking" option, which makes the destination page appear in the browser at your SilentNoizeMusic.com URL. All this is doing is returning an HTML page containing an iframe that loads the destination page. Cloaking is a terrible hack and not very reliable, since any link clicked on in the destination page (inside the iframe) will cause the browser to navigate to the destination page anyway.
Another approach might be to try to embed a trackable item in the destination page. You said that soundclick.com doesn't allow you to embed javascript; do they allow you to embed HTML?
Option 1: See if you can embed an iframe in the html of your soundclick.com page. Point the iframe to an html page on some other web server that you have control of, and put your javascript and google analytics stub in there. The javascript won't violate the 'no javascript' mandate of soundclick.com, because it won't be executing in the context of soundclick.com - it will be sequestered inside the iframe. The iframe doesn't even have to be large enough to show on your soundclick.com page. Just having it there will be enough to get the sequestered page to load, and that's all that Google Analytics really needs. You won't get any stats about what the user is doing on the soundclick.com page, and you won't get any referal data (what sites contain a link to yours that users clicked on to get to your site) but you should get full stats about number of visitors, new vs returning, etc.
Option 2: If soundclick.com doesn't allow you to put an iframe HTML element on your page, will they allow you to reference an image on another server? Again, set up an image file (preferably small) on a server you have control of and place an link on the soundclick.com page referencing the image on the other server. You can then collect request stats on the image file, which will give you some small degree of traffic measurement. This is what the old-school hit counters did, basically.
I want to allow some websites to embed an iframe with a page from my domain. However, I don't want anybody to be able to use the iframe content without my permissions. How can I allow only domains of my choice to be able to embed the iframe with the page's content?
I know vimeo does this, and allows video owners to block the video on certain websites that they don't find appropriate.
I want server side ASP.NET solution, because Javascript code can be altered. However if it can be done using javascript code and its secure, It's ok.
From what I've seen, I need to pass the referrer in some way, but in a way that can be manually altered by other website owners to include the iframe themselves and it would work on their website too, without a permission.
Since it will be a standalone page as you mentioned in the comments, you can do this by inspecting the referer property.
Request.UrlReferrer
See that it contains the domain that you want to allow. This property is available when an embedder puts your page in the IFRAME's SRC attribute and the page loads for the first time.
If the user clicks on a link inside the IFRAME, it is not guaranteed to pass the containing page as a referrer.
If you want to allow multiple linked pages inside the IFRAME to allow a specific domain, then you will need to stick to a JavaScript based solution.
Note however that neither method is completely foolproof.