Can't create recurring charge due to 'X-Frame-Opti...

mfvas · ‎06-25-2019

Hi,

I am trying to create a recurring charge in an embedded app created in Node.js and based on Express. Everything works perfectly until step 3 - these steps - where Shopify is redirecting the merchant to accept or decline the charge. It is simply not allowed because the app is embedded. In the console I get the following error:

Refused to display 'confirmation_url' in a frame because it set 'X-Frame-Options' to 'deny', where I've removed the confirmation_url for readability.

How do I circumvent this? It looks like I'm not the only one who has had this problem, so it is probably a problem that should be addressed in the documentation.

All the best,
Mathias

Busfox · ‎06-27-2019

Hi @mfvas,

You need to do a top level redirect that escapes the iframe when redirecting the merchant to the confirmation url. There's an explanation in our oAuth documentation that also applies here:

Since the application is loaded inside an iframe, it is critical that the initial OAuth redirect to Shopify occurs at the parent level, escaped from the iframe. Shopify returns the X-Frame-Options=DENY header and prevents any Shopify admin pages from being loaded inside an iframe. The Embedded App SDK provides a method that can be used to perform a redirect within the parent window.

Can't create recurring charge due to 'X-Frame-Options = deny'.

Integrating Shopify API in a private store

[Storefront API] How to process large datasets - T...

Fulfilment API issue

[Storefront API] - Help using customerResetByUrl m...

Sales Channel Identification via Products Api

Integrating Shopify API in a private store

Re: Looking Up Refunds in GraphQL

Re: Issue with getting more than 100 000 customers

Re: Issue with getting more than 100 000 customers

Re: Questions related to Analytics API