Our embedded app won't load in Safari (13.1.2):
[Error] Unrecognized Content-Security-Policy directive 'worker-src'.
[Error] Refused to load https://XXXX.myshopify.com/admin/auth/login because it does not appear in the frame-ancestors directive of the Content Security Policy.
Seems the issue is is happening while still in Shopify flow.
We're using app-bridge-react Provider component to embed in Shopify admin.
Hi @instaconnect , unfortunately - no, haven't found a solution yet. This has worked properly before but at some point stopped to.
Think that Safari updates are outpacing some of the Shopify iframe mechanisms.
Hi @Shaibt, I'm also finding this issue.
It seems to be due to the Response header settings:
Content-Security-Policy: frame-ancestors 'none'
Which relate to the redirect response:
Another post with similar issue
Had anyone ever had apps working on safari?
Seems it blocks iframes