I'm trying to integrate a Google Apps Script (GAS) web app into a WordPress site via an iframe.

The basic integration works, but only with a static iframe height.

To achieve automatic height resize, I tried having the web app communicate with the WordPress page via postMessage and similar logic.

Since then, problems have appeared: sandboxing, CORB, GAS internal script blocking, Google-generated security iframe, etc.

In practice, GAS prevents any two-way communication between the iframe and the host page.

To circumvent these limitations, I tried a reverse proxy using Cloudflare Workers to serve the web app from my custom domain.

The proxy technically works, but GAS continues to return its fallback page (with internal iframe and goog.script.init script) instead of my web app, as if it weren't executing the user code when the request arrives via a custom domain.

All the questions on similar topics found here are many years old!

At this point, I ask:

Are there any unexplored solutions that allow a GAS web app to be integrated into an external domain with dynamic iframe resizing, or are there architectural alternatives that allow reliable communication between the iframe and the host page?

Any suggestions would be extremely helpful.