Blocked by Content Security Policy (FireFox)

laksh · ‎03-28-2020

Hello, I am stuck with some "Blocked by Content Security Policy".

My Shopify app basically opens in an iframe. Only with Firefox Browser, I am receiving this error. I checked it with Inspect Element and I saw this "frame-ancestors". ( Screenshot -> https://prnt.sc/rojyht )

I reviewed this document -> https://content-security-policy.com/faq/

In my nginx configuration, I added ->

add_header Content-Security-Policy "frame-ancestors 'self' https://*.myshopify.com;";

It added successfully in the Response Header but still, I see the same error.

Can anyone help me with this, I can provide more information if needed.

Thanks

sillycube · ‎03-30-2020

I also have the same problem recently. I guess it should be due to the latest update of chrome & firefox. For Content-Security-Policy, is it set by Shopify or the developer?

SPO - SEO App to research keywords & edit social link preview

laksh · ‎04-04-2020

After doing a lot of research I found 2 links that helped to fix this problem. I hope it helps you too.

1. https://shopify.dev/tools/app-bridge/getting-started#authenticate-with-oauth
2. https://github.com/Shopify/shopify_app/wiki/Using-postMessage-during-embedded-app-authenticate

Good luck.

DanielLabs · ‎04-12-2020

Please, could you explain what was you doing wrong... I didn't understand where is the problem.

laksh · ‎04-13-2020

You need to use postMessage (javascript function) to escape from this problem. You cannot do authentication in the backend.

Blocked by Content Security Policy (FireFox)

Products at Checkout

Facebook Sales Channel Data Source Issues

Local Delivery for specific products

can not log in

Looking for a receipt/invoice app that features coupon area

Re: Bottle deposit and Enviro fee

Re: Deleted App is still active on my store - Can't remove.

Products at Checkout

Facebook Sales Channel Data Source Issues

Re: Advanced automated export of orders