Our embedded app won't load in Safari (13.1.2):
[Error] Unrecognized Content-Security-Policy directive 'worker-src'.
[Error] Refused to load https://XXXX.myshopify.com/admin/auth/login because it does not appear in the frame-ancestors directive of the Content Security Policy.
Seems the issue is is happening while still in Shopify flow.
We're using app-bridge-react Provider component to embed in Shopify admin.
Hi @Shaibt, I'm also finding this issue.
It seems to be due to the Response header settings:
Content-Security-Policy: frame-ancestors 'none'
Which relate to the redirect response:
Another post with similar issue
Had anyone ever had apps working on safari?
Seems it blocks iframes
I am still trying to wrap my head around the issue, but what I think is happening is this:
Does that explanation sound at all accurate? Or am I off base?