I'm developing an app and I ran into a bug. If I enter the app url with a port, I get the error message:
Refused to frame 'https://xyz:5001/' because it violates the following Content Security Policy directive: "frame-src app.myshopify.io *.shopifyapps.com *.myshopify.io *.myshopify.com https://* shopify-pos://*".
But after updating the app several times in the browser, the error message disappears again.
If I enter the App Url without a port, I don't get the error message at all.
I need to set a port for the app url, because I have running several services on my server. Is there a solution for this?
Thanks a lot
At the moment it looks like the CSP directive is a host source as https://* which means that we're not specifying allowed ports/port ranges, which means the only explicitly allowed port is the default. I'm not certain why it started working for you after refreshing a few times, if I'm understanding you correctly.
We don't see any reason not to allow you to specify ports at the moment, so we're going to explore the idea of updating that CSP directive soon.
I'll keep this thread updated.