Re: Error with App in Iframe

GonzaloEEspina · 02-20-2025 04:14 AM

Im using an iframe to show my app that doesnt require sign-in in my web, it worked fine for a month bot now it shows this error:
Refused to frame 'https://www.appsheet.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
Does AppSheet no longer allow embedding in an iframe?

Tijesuni

Yes, AppSheet no longer allows embedding apps in an iframe due to Content Security Policy (CSP) restrictions. The error message:

"Refused to frame 'https://www.appsheet.com/' because an ancestor violates the following Content Security Policy directive: 'frame-ancestors self'."

indicates that AppSheet has updated its CSP settings to block embedding on external websites.

Previously, AppSheet allowed iframes, but they have likely updated their security policies to prevent embedding due to potential security risks.

Possible Workarounds

Since iframes are now blocked, here are some alternatives:

1. Use AppSheet's "Publish" Feature (Recommended) ✅

Instead of embedding in an iframe, use a direct public link to the app.
Go to App Editor → Security → Require Sign-in → OFF (if public).
Share the public URL on your website via a button or link.
2. Contact AppSheet Support
If embedding is essential for your use case, try reaching out to AppSheet support to check if they offer any iframe permissions for enterprise users.

nico

Public apps should still allow for embedding in iframes in any domain, unlike apps that require sign-in that are limited to a subset of allowed domains, currently only Google Sites.

There was a bug while the feature was rolling out where the `AllowInIFrame` flag was automatically set to off for public apps that should have since been resolved - that flag will currently always be on for public apps for now. Apologies for the temporary breakage.