Gettings CSP(Content Security Policy directive) related error

Shopify Partner
9 0 0

I have created a rails application for the Shopify platform. After the successful installation of the App on Shopify Store I am getting an error related to the "Content Security Policy directive".

I am getting this error when the app is redirected to load on iframe in the Shopify admin panel. When we load the same on a new tab(Not Iframe) it works fine, but when it redirects to admin the error on screen says "Source is blocked by the external server" and in the console, it shows:-

"Refused to frame '' because it violates the following Content Security Policy directive: "frame-src * https:// shopify-pos://"."

Can anyone help with this issue? During my search, I found that this happens when you are loading an external website on iframe.

Any suggestions could help.

Shopify Staff (Retired)
Shopify Staff (Retired)
624 102 129

Hey @gaurav69 ,


Some suggestions that may help:


1) Ensure that all content from your app is being loaded over HTTPS and not HTTP (however from your URL it seems that this is probably already the case)

2) Use an SSL Tunneling service like Ngrok 


This doc may also help:


Hassain | Developer Support Specialist @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution