Error message when trying to run the app

Highlighted
Tourist
8 0 1

I'm not able to run my app FROM SHOPIFY ADMIN WHILE USING FIREFOX BROWSER.
Error message is following:

 

Blocked by Content Security Policy

An error occurred during a connection to store.myshopify.com.

Firefox prevented this page from loading in this way because the page has a content security policy that disallows it.

 

This is inherent to Firefox browser only. What does there wrong?

That worked before

1 Like
Highlighted
Tourist
4 1 0

I got the same problem after firefox 73.0.1 update, the 72.x version worked just fine, I'm wondering if it has to do with the chrome 80 required update (which required the same-site cookie change) or if it has to do with something else. Any lead would help.

0 Likes
Highlighted
Highlighted
Tourist
8 0 1

error.jpg

0 Likes
Highlighted
Tourist
8 0 1

error_1.jpgerror_2.jpg

0 Likes
Highlighted
Shopify Partner
12 0 2

I have the same issue.

 

I've inspected network activity during this and discovered that in Firefox it's different from Chrome.

In Chrome merchant redirected to my app's callback URL after authorisationIn Chrome merchant redirected to my app's callback URL after authorisationIn Firefox merchant redirected to login page and doesn't come back to app's callback anymoreIn Firefox merchant redirected to login page and doesn't come back to app's callback anymore

One of my hypothesis is that Firefox blocks some Lax cookies.

I think those cookies are blockedI think those cookies are blocked

In my app I don't use ShopifyApp or AppBridge to authorize users. I just only redirect users to https://${shop}/admin/oauth/authorize and pass redirect_uri as a query parameter

0 Likes
Highlighted
Shopify Partner
12 0 2

Now I've tried to delete those Lax cookies and create new ones with the same values but with SameSite=Unset.

After this I'm able to open my app.

screenshot-Unset.png

0 Likes
Highlighted
Tourist
8 0 1

child-src

Defines the valid sources for web workers and nested browsing contexts loaded using elements such as <frame> and <iframe>

 

  • Instead of child-src, authors who wish to regulate nested browsing contexts and workers should use the frame-src and worker-src directives, respectively.

 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

 

0 Likes
Highlighted
Shopify Partner
19 0 5

Hi 

 

Iam not able to understand what changes I should make. I'm still facing same issue. @mellon_collie  can you please explain me in more detail what we changes we should make to resolve this error.

 

Thanks..

0 Likes
Highlighted
Shopify Partner
12 0 2

Hi

 

Try to delete cookies with SameSite=Lax before opening the app (when you are at https://${shop}.myshopify.com/admin/apps) and create new ones with the same values but with SameSite=Unset.

They may look like thisThey may look like this

After this step I am able to open the app without errors.

 

I don't know the cause of this behavior.

0 Likes