Yes, whitelisted both, the embedded page url and the shopify url.
Safari gives a hint:
Refused to load https://www.facebook.com/v2.11/plugins/customerchat.php?.... because it does not appear in the frame-ancestors directive of the Content Security Policy.
It appears as if this implementation path does run into issues based on previous posts.
If any Shopify staffers can also chime in about this...