Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

New Member

The CSP frame-ancestors 'none' setting is causing some problems.

Our new web application has some embedded iframes which point to pages in our legacy web application. In the legacy application, we redirect the user to their store's "/auth/login" URL. However, we noticed that the "/auth/login" endpoint has a response header content-security-policy of "frame-ancestors 'none'", which prevents the redirect from occurring and throws the following error:

Refused to display 'https://our-store.myshopify.com/admin/auth/login' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Is there a simple way to work around this that lets the user log in from within an iframe?

0 Likes
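Added example (not part of the original post, and not Shopify's code): a simplified JavaScript model of how a browser evaluates frame-ancestors, showing why a response carrying 'none' is refused in every frame regardless of which origin embeds it. The ancestor origin https://new-app.example and the alternative policy in the demo are constructed for illustration; ports and paths in host sources are ignored.

```javascript
// Added example: simplified model of a browser's frame-ancestors check.
// Handles 'none', 'self', '*', scheme sources (https:) and host sources with an
// optional scheme and a leading "*." wildcard. Ports and paths are ignored.
function parseFrameAncestors(cspHeader) {
  for (const part of cspHeader.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent: this CSP does not restrict framing
}

function sourceMatches(source, ancestor, selfOrigin) {
  const a = new URL(ancestor);
  const s = source.toLowerCase();
  if (s === "'none'") return false; // matches no ancestor at all
  if (s === '*') return true;
  if (s === "'self'") return a.origin === new URL(selfOrigin).origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return a.protocol === s;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && a.protocol !== scheme + ':') return false;
  return wildcard ? a.hostname.endsWith('.' + host) : a.hostname === host;
}

// Every ancestor in the frame chain must match at least one listed source.
function framingAllowed(cspHeader, ancestors, selfOrigin) {
  const sources = parseFrameAncestors(cspHeader);
  if (sources === null) return true;
  return ancestors.every(anc =>
    sources.some(src => sourceMatches(src, anc, selfOrigin)));
}

// Constructed demo values (assumptions, not taken from a real deployment).
const LOGIN_ORIGIN = 'https://our-store.myshopify.com';
const EMBEDDER = 'https://new-app.example';
console.log(framingAllowed("frame-ancestors 'none'", [EMBEDDER], LOGIN_ORIGIN));
console.log(framingAllowed(`frame-ancestors 'self' ${EMBEDDER}`, [EMBEDDER], LOGIN_ORIGIN));
```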
New Member

I am facing a similar issue with the "frame-ancestors 'none';" header value.

It is now allowing me to domain forward using masking.

0 Likes
New Member

Please remove this header
frame-ancestors 'none';

0 Likes