Changing scope x-dframe option deny

Sensorpro
Tourist
9 1 0

I am changing scope to add read_products and when I do this the re-authorization process fails with the below error:

Refused to display 'https://yyyyyyy.myshopify.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

When I remove the new scope it the application loads ok and installs ok. 

Existing scope: (working)

read_customers,write_customers,read_orders,read_themes,read_checkouts

New scope

read_customers,write_customers,read_orders,read_themes,read_checkouts,read_products

 

- The app is an imbedded app and one solution I was given was to frame bust the initial  authorization call https://myshop.sensorpro.net/admin/oauth/authorize?client_id=........

but when I do that the re-authorization seems to happen OK but then my application is loaded outside of shopify iframe?

 

 

Any help much appreciated.
Thanks

0 Likes
Sensorpro
Tourist
9 1 0

I have made some progress but the process seems to be clunky. 

 

- First mistake was the initial call to authorization URL  was in the iframe https://{0}/admin/oauth/authorize?client_i...

I added the app-bridge redirect code to break this frame 

<script src="https://unpkg.com/@shopify/app-bridge@2"></script>
<script>
var AppBridge = window['app-bridge'];
var createApp = AppBridge.createApp;
var actions = AppBridge.actions;
var Redirect = actions.Redirect;
var loading = actions.Loading

var apiKey = '1yyyyyy';
var redirectUri = 'https://sprodev.ngrok.io/email61/shopify/sso.aspx';
var shopOrigin = 'syyyy.myshopify.com';

var permissionUrl = "<%:mAuthURL%>";

// If the current window is the 'parent', change the URL by setting location.href
if (window.top == window.self) {
window.location.assign(permissionUrl);
// If the current window is the 'child', change the parent's URL with Shopify App Bridge's Redirect action
} else {
var app = createApp({
apiKey: apiKey,
shopOrigin: shopOrigin
});
Redirect.create(app).dispatch(Redirect.Action.REMOTE, permissionUrl);
ShopifyApp.ready(function () {
ShopifyApp.Bar.initialize({
title: "Your Title"
});
});
}

- Second issue, when my redirect url was called sso.aspx after the initial call it was now outside the iframe and I used the following app-bridge script to force baxck into the iframe.

<script src="https://unpkg.com/@shopify/app-bridge@2"></script>
<script>
/* Will cause this page to load again but within in the shopify admin iframe */
var AppBridge = window['app-bridge'];
var createApp = AppBridge.default;
var app = createApp({
apiKey: '1yyyyyyyy',
shopOrigin: 'yyyyyy.myshopify.com'
});
</script>

 

- This seems to be a very clunky process as the application jumps in and out of the iframe is this as expected or is my understanding incorrrect.

0 Likes