CODEWITHSUNDEEP
google-apps-scriptmanifestgoogle-workspace-add-ons
santa
santa

Reputation: 35

An explicit urlFetchWhitelist is required for all Google Workspace add-ons using UrlFetchApp error while deploying sheet add on

I am trying to deploy a google sheet add on (private add on.) I am using moment js for calculating the date in my code.js file

My manifest looks like this

Manifest:
Manifest

When I go to deploy the add on I am getting the error

"An explicit urlFetchWhitelist is required for all Google Workspace add-ons using UrlFetchApp"

I went through the posts on stackoverflow for the same and i did three recommended changes

  1. Added "https://www.googleapis.com/auth/script.external_request", to my oauthScopes [didn't work]
  2. Installed a trigger and invoked the permission to fetch external request and it did not work.
  3. Finally i tried to add a method to invoke the trigger on open as per this link

Still I am getting the same error when I go and click on deploy add on

urlFetchWhitelist error:
urlFetchWhitelist error

Upvotes: 3

Views: 3558

Answers (1)

Rafa Guillermo
Rafa Guillermo

Reputation: 15377

Answer:

You need to add a urlFetchWhitelist parameter to your manifest and include all urls that you wish to fetch in an array as its value.

Example:

Say you have the line:

const res = UrlFetchApp.fetch("https://google.com")

in your code.

You will need to add this to the whitelist in the appsscript.json manifest file:

urlFetchWhitelist: ["https://google.com/"]

Things to note (from the documentation):

  • Each prefix must be a valid URL.
  • Each prefix must use https://, not http://.
  • Each prefix must have a full domain.
  • Each prefix must have a non-empty path. For example, https://www.google.com/ is valid but https://www.google.com is not.
  • You can use wildcards to match URL subdomain prefixes.
  • A single * wildcard can be used in the addOns.common.openLinkUrlPrefixes field to match all links, but this is not recommended as it can expose a user's data to risk and can prolong the add-on review process. Only use a wildcard if your add-on functionality requires it.

Update 2022-01-13:

As per information on this Issue Tracker report, only the domain/sub-domain needs to whitelisted for fetching.

For example, whitelisting:

"urlFetchWhitelist": ["https://myapp.com/"]

Will allow UrlFetchApp to connect to paths on that domain:

UrlFetchApp.fetch("https://myapp.com/getUser")

References:

Upvotes: 6

Related Questions