I placed iframe inside my embedded app to load storefront page. I am building a third-party app to tracking behavior users, and imitate user behavior through position x, y to create a video which like record user. However, I read the policy change when load storefront page. So I am trying to find another alternative solution.
First, ensure that the URL's you supplied in the App Whitelist and Auth callbacks are HTTPS.
Next, clear out your local storage (if the URL has changed since you last ran the app, and if anything goes wrong in general, this is a blunt tool to approach this). It forces you to log out, clearing your cookies and such, and starts from scratch.