Embedded app wont load in Safari - no Cookies

Highlighted
Excursionist
14 1 5

Our embedded app won't load in Safari (13.1.2):

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to load https://XXXX.myshopify.com/admin/auth/login because it does not appear in the frame-ancestors directive of the Content Security Policy.

 

Seems the issue is is happening while still in Shopify flow.

We're using  app-bridge-react Provider component to embed in Shopify admin.

Our embedded app doesn't use cookies so I don't think this thread is relevant to our problem  - unless I've missed something.

 

1 Like
Highlighted
Shopify Partner
4 0 0

Hi Shaibt, did you find a solution for this?  We are experiencing the same issue.

0 Likes
Highlighted
Excursionist
14 1 5

Hi @instaconnect , unfortunately - no, haven't found a solution yet. This has worked properly before but at some point stopped to.

Think that Safari updates are outpacing some of the Shopify iframe mechanisms.

1 Like
Highlighted
New Member
1 0 0

Hi @Shaibt, I'm also finding this issue.

It seems to be due to the Response header settings:

Content-Security-Policy: frame-ancestors 'none'

And possibly: 

X-Frame-Options: DENY

Which relate to the redirect response:

Redirect Response 303
Location: https://XXXX.myshopify.com/admin/auth/login
 
But I'm not sure so far where the headers for this response are set, and suspect its on the Shopify side anyway.
 
Pretty frustrating, my app works in Chrome and Firefox, but no joy in Safari, which is holding up my app approval.
0 Likes
Highlighted
Explorer
41 9 9

Another post with similar issue

https://community.shopify.com/c/Shopify-APIs-SDKs/Unrecognized-Content-Security-Policy-directive-wor...

Had anyone ever had apps working on safari?

Seems it blocks iframes 

 

0 Likes