Sign up
Quick links
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Embedded app wont load in Safari - no Cookies

‎07-28-2020 08:29 AM
Shaibt
Excursionist
16 1 10

Our embedded app won't load in Safari (13.1.2):

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to load https://XXXX.myshopify.com/admin/auth/login because it does not appear in the frame-ancestors directive of the Content Security Policy.

 

Seems the issue is is happening while still in Shopify flow.

We're using  app-bridge-react Provider component to embed in Shopify admin.

Our embedded app doesn't use cookies so I don't think this thread is relevant to our problem  - unless I've missed something.

 

Reply
‎08-29-2020 03:26 AM
instaconnect
Shopify Partner
5 0 0

Hi Shaibt, did you find a solution for this?  We are experiencing the same issue.

0 Likes
Reply
‎08-29-2020 11:03 AM
Shaibt
Excursionist
16 1 10

Hi @instaconnect , unfortunately - no, haven't found a solution yet. This has worked properly before but at some point stopped to.

Think that Safari updates are outpacing some of the Shopify iframe mechanisms.

Reply
‎09-01-2020 04:15 AM
eCreateStudio
Tourist
4 0 1

Hi @Shaibt, I'm also finding this issue.

It seems to be due to the Response header settings:

Content-Security-Policy: frame-ancestors 'none'

And possibly: 

X-Frame-Options: DENY

Which relate to the redirect response:

Redirect Response 303
Location: https://XXXX.myshopify.com/admin/auth/login
 
But I'm not sure so far where the headers for this response are set, and suspect its on the Shopify side anyway.
 
Pretty frustrating, my app works in Chrome and Firefox, but no joy in Safari, which is holding up my app approval.
0 Likes
Reply
‎09-01-2020 08:40 AM
olivert
Explorer
51 11 14

Another post with similar issue

https://community.shopify.com/c/Shopify-APIs-SDKs/Unrecognized-Content-Security-Policy-directive-wor...

Had anyone ever had apps working on safari?

Seems it blocks iframes 

 

0 Likes
Reply
‎11-21-2020 12:41 AM
phutureb
Shopify Expert
3 0 0

Same here. My app does not use cookies, so solutions like this do not apply.

I am still trying to wrap my head around the issue, but what I think is happening is this:

  1. When the Shopify admin page is loaded in the browser, Shopify's web server is sending along a Content-Security-Policy header containing the "worker-src" string which is unrecognized / unsupported in Safari.

  2. Because Safari doesn't recognize that string, it defaults to the strictest possible interpretation, which is not to allow loading of iframes from external sources.  Thus, the iframe that loads the embedded app does not get rendered.

Does that explanation sound at all accurate?  Or am I off base?

 

 

0 Likes
Reply
‎03-03-2021 09:52 PM
sillycube
Shopify Partner
209 7 15

Any update in 2021?

My app also cannot work in Safari 13.1.3

SPO - SEO App to research keywords & edit social link preview
0 Likes
Reply
Quick links
Facebook Twitter Youtube Instagram Linkedin Pinterest
Terms of Service Privacy Policy