AppsScriptPulse

Bridging the Gap: A Framework for Securely Embedding Apps Script Web Apps on Custom Domains

This framework integrates Google Apps Script web apps into a standard website

Integrating a Google Apps Script web app into a public website offers powerful possibilities, but developers can often hit a wall of limitations. Serving from a custom domain, managing multiple Google account logins, preventing security vulnerabilities like clickjacking, and providing a smooth user experience are significant hurdles.

A new open-source framework from developer Zig Mandel offers a flexible way to embed Apps Script web apps securely and professionally. At its core, a parent website hosts the Apps Script web app in an iframe, and the two communicate over a secure postMessage protocol. A key innovation is its ability to dynamically and securely load different script deployments using a cryptographic signature (org/sig) system, which prevents unauthorised use while enabling advanced features like centralised logging and analytics integration.

What This Framework Solves

This solution is more than just an iframe wrapper; it’s a complete integration kit designed to enhance your Apps Script web app to a professional standard. It addresses several key pain points:

  • Custom Domain Serving: Serve your app from your own domain, not the standard script.google.com URL.
  • Secure Embedding: A communication protocol and domain validation prevent your app from being embedded on unauthorized sites.
  • Multi-Account & Workspace Compatibility: The framework is built to handle complexities that arise when users are logged into multiple Google accounts or are using a Google Workspace account.
  • Seamless User Experience: The architecture eliminates the jarring “flash” of a new page loading within the iframe, creating a smooth transition for multi-page application (MPA) style web apps.
  • Analytics & Logging Integration: Send events from your Apps Script directly to the parent website’s Google Tag Manager instance and forward client-side logs to a centralized location like Google Cloud Logging.
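
The postMessage protocol and domain validation described above can be sketched as follows. This is an added example, not code from the framework's repository; the origins, the message types and the per-load nonce are assumptions made for illustration.

```javascript
// Added illustration: names, origins and message types are assumptions,
// not the framework's actual API.
const PARENT_ORIGIN = "https://www.example.com"; // hypothetical custom domain
// Assumption: the embedded Apps Script page runs on a sandbox host of this form.
const CHILD_ORIGIN_RE = /^https:\/\/[a-z0-9-]+-script\.googleusercontent\.com$/;
const ALLOWED_TYPES = new Set(["ready", "analyticsEvent", "log"]);

// Child side (inside the Apps Script page). Naming the parent origin instead
// of "*" means a page that embeds the app from another domain receives nothing.
function sendToParent(parentWindow, type, data, nonce) {
  parentWindow.postMessage({ type, data, nonce }, PARENT_ORIGIN);
}

// Parent side. Returns the vetted message, or null if it must be ignored.
// expectedNonce is a random value the parent generated for this page load and
// handed to the iframe (assumed here to travel as a URL parameter).
function acceptMessage(event, expectedNonce) {
  if (typeof event.origin !== "string" || !CHILD_ORIGIN_RE.test(event.origin)) return null;
  const msg = event.data;
  if (msg === null || typeof msg !== "object") return null;
  if (typeof msg.type !== "string" || !ALLOWED_TYPES.has(msg.type)) return null;
  // Every Apps Script project shares the sandbox domain, so origin alone does
  // not identify *this* app; the nonce ties the message to this page load.
  if (typeof expectedNonce !== "string" || msg.nonce !== expectedNonce) return null;
  return { type: msg.type, data: msg.data };
}

// Constructed sample events (not captured traffic).
const sampleEvents = [
  { origin: "https://n-abc123-0lu-script.googleusercontent.com",
    data: { type: "analyticsEvent", data: { name: "signup" }, nonce: "r4nd0m" } },
  { origin: "https://unrelated.example",
    data: { type: "analyticsEvent", data: {}, nonce: "r4nd0m" } },
  { origin: "https://n-abc123-0lu-script.googleusercontent.com",
    data: { type: "navigate", data: "https://elsewhere.example", nonce: "r4nd0m" } },
];
for (const ev of sampleEvents) {
  console.log(ev.origin, "->", acceptMessage(ev, "r4nd0m"));
}
```

In a browser, the parent page would call `acceptMessage` from its `window.addEventListener("message", ...)` handler and act only on a non-null result.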

Summary

In short, this framework hopefully unlocks a better way to implement public-facing Google Apps Script for web applications. For developers it provides the tools to overcome common embedding hurdles, moving beyond simple scripts to create secure, professional, and seamlessly integrated user experiences. To explore the code and get started on your own integration, check out the repository on GitHub.

Source: GitHub – zmandel/demosite_appscript
