I am trying to put an interactive map from GeoCharts on my website using Google Apps Script. The maps show up when I am signed into my Google account but they do not show up when I am signed off. How can I fix this?
Here is the doGet I use and prate is an HTML file in the project. I then deploy the project as a web app and choose
Execute the app as: 'Me'
Who has access to the app: "Anyone'
function doGet() {
return HtmlService.createHtmlOutputFromFile('prate').setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
I don't get an error on the page when I am logged out, it just does not show up. Here is the link to the page: https://sites.google.com/site/christinegbraun/data
Make sure you did add in your website the /exec not the /dev
Also make sure everyone can access the app by choosing in settings
Who has access to the app: anyone, even anonymous
Related
I just deployed my app script(web app) and I got my Url (https://script.google.com/macros/s/blahblah.../exec).
( setting [Who has access to the app: ] -> [Anyone] )
So I worried about that my Url can be known for anyone in the google search.
I want to use this link only with my friends.
Is it safe unless I don't share the Url to others? (except my friends)
or is there anyway to force to request permission to my web app? (without using G suite, google Workspace)
Thank you.
Your Web App is not indexed by Google
Unless you share your project URL with other people, they can't directly access to it.
According to the documentation the app can be executed as you or as the user accessing the web app. You can limit the access to your resources by changing the user who's executing your app.
I am new to apps-scripts and want anonymous users to access my web app script that is container bound to a spreadsheet.
The web app displays a form that collects information that the script stores in the containing spreadsheet, it works perfectly when I am logged into my google account, but when logged out the web app url displays a google login screen instead of my form.
I am struggling for the way to troubleshoot this. I have checked:
the script is deployed to execute as 'me' and with access by anyone + anonymous
I am using the 'exec' url
I have put the oauth scopes into the manifest and reduced scope as I can
I have approved the unverified app.
Here are some extra elements that I don't know whether they are causing issues or not:
I add a single query parameter to the web app exec url before sending it to the user for them to use anonymously.
I have a number of other functions in the script apart from the doget(), these process data from the web app form, write data to the containing spreadsheet and return some of it to the user. In the same script I also add a menu to the containing spreadsheet.
There seem very few ways to get logging or troubleshooting information for this problem - especially with container bound scripts. Can anyone with more experience please explain why this problem might occur and suggest how I can troubleshoot and resolve it? As I say the web app url works perfectly when I'm logged in, but when I'm logged out or in incognito mode I get a Google account sign in form. Thank you.
I solved this whilst creating a minimal reproducible example as requested.
The problem lay in my confusion over deployments, /exec, /dev and V8 versus rhino.
This answer about /dev /exec is very helpful.
What I discovered is:
/dev always asks you to login to your google account if you're not logged in in your browser e.g. incognito mode.
As commented there has been some confusion under what circumstances V8 getUrl() returns /dev or /exec.
My suggestions for troubleshooting this for an anonymous web app:
Be very careful when testing anonymous web app using /dev - it will always lead to login request
Check very carefully what getURL() is returning - in combination with whether you are using rhino or V8.
I solved my particular problem by 'downgrading' to rhino by putting into the manifest: "runtimeVersion": "DEPRECATED_ES5"
I have currently a simple Hello World Google App Script following Google Documentation
I published it, giving access to anyone on the internet (including anonymous users) and then get both a xxx/dev and xxx/exec urls (latter for "published versions" usage, latter for work in progress usage).
None of those URL are currently working when I call it in my Browser (or through a cURL command) :
Any idea on what could go wrong ?
Note : I already published some Google App Scripts in the past and they are still working today. It is as if my "new" google app scripts was not getting published.
This could be because you are logged into multiple Google accounts. Try:
deleting the "u/0" from the URL
signing out of all of your Google accounts, and back into just one
trying the /exec in an "incognito" window
I have created my script and it works great. I have changed the sharing so anybody can view it, but it still asks users to login to their Google account to run the script.
Here is the link: My script
Currently you're web app is set to execute as User accessing the web app. This means they need to sign into a Google account to execute any of the code in your app.
You need to change this setting to: Execute the app as: Me
As well as change Who has access to the app from Anyone to Anyone even anonymous
Example:
The setting can be found by clicking on the cloud icon in the Apps Script IDE's toolbar.
Edit: Added new image to reflect proper settings.
It might be that they've updated the settings to where the least restrictive option is "Anyone" which would still require a log in. This is happening with my Google Workspace for Education account.
I'm trying to develop a simple web app using google script web app service and access it from another script using the UrlFetch service.
My problem is that in order to try the code on my web app I have to publish a new version every time because trying to access to the dev URL returns returns and HTML file telling me to sign in even though I've set the permissions for the web app to everyone, including anonymous (if I hit the production URL it does work, though).
I'm assuming that Google is limiting the access to the dev URL for security reasons but can someone shed a light on that assumption?
PS: I don't know if this is relevant but my google account is in a Google Apps for Education domain
Edit
I've found a method to avoid publishing the application for each code change: instead of calling it from the UrlFetch service, I've created a function in the web App code that does call the doPost or the doGet method (I've to create the request param, but that's easy) and I've changed the end of the script to log the result insted of returing it to the client. When the application will be ready, I can publish and develop the client using the UrlFetch.
Anyhow, if anyone knows about the limitation of the dev URL that would be great!
your assumption is correct, the dev url ignores your publishing permissions on purpose, only the developer has access to that url.
you could accomplish what you want using libraries. move the code in your called script to a library and add it to that script as "development mode" and publish your script service.
changing library code should also change your service because its on development mode.
Note that this can easily break your app if you save partial code changes, and makes it hard to test your changed code unless you make all changes and tests in a separate script copy. Making several changes at once in multiple apps script editor files is possible with their "Save all" File menu command (after manually pasting all code changes from your tested copy).