Gettings CSP(Content Security Policy directive) related error

Highlighted
Shopify Partner
9 0 0

I have created a rails application for the Shopify platform. After the successful installation of the App on Shopify Store I am getting an error related to the "Content Security Policy directive".

I am getting this error when the app is redirected to load on iframe in the Shopify admin panel. When we load the same on a new tab(Not Iframe) it works fine, but when it redirects to admin the error on screen says "Source is blocked by the external server" and in the console, it shows:-

"Refused to frame 'https://72.15.201.248:8080/' because it violates the following Content Security Policy directive: "frame-src app.myshopify.io .shopifyapps.com *.myshopify.io .myshopify.com https:// shopify-pos://"."

Can anyone help with this issue? During my search, I found that this happens when you are loading an external website on iframe.

Any suggestions could help.

0 Likes
Highlighted
Shopify Staff
Shopify Staff
624 100 114

Hey @gaurav69 ,

 

Some suggestions that may help:

 

1) Ensure that all content from your app is being loaded over HTTPS and not HTTP (however from your URL it seems that this is probably already the case)

2) Use an SSL Tunneling service like Ngrok 

 

This doc may also help: https://www.shopify.ca/partners/blog/shopify-admin-authenticate-app

 

Hassain | Developer Support Specialist @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution 

0 Likes