Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

New Member

The CSP frame-ancestors 'none' setting is causing some problems.

Our new web application has some embedded iframes which point to pages in our legacy web application. In the legacy application, we redirect the user to their store's "/auth/login" URL. However, we noticed that the "/auth/login" endpoint has a response header content-security-policy of "frame-ancestors 'none'", which prevents the redirect from occurring and throws the following error:

Refused to display 'https://our-store.myshopify.com/admin/auth/login' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Is there a simple way to work around this that lets the user log in from within an iframe?

New Member

I am facing a similar issue with frame-ancestors 'none'; header value

It is now allowing me to domain forward using masking.

New Member

Please remove this header
frame-ancestors 'none';

Shopify Expert

I encountered a similar problem, detailed it here https://community.shopify.com/c/Shopify-APIs-SDKs/App-doesn-t-load-in-iframe-on-firefox-safari/m-p/7...

Shopify Partner

same issue

New Member

Any movement on this?

I have the same issue - can’t add Shopify cart widget to my site since our shop can’t be loaded into an embedded iframe, even though Shopify says to use in an iframe.

The HTTP header causing this problem is on Shopify’s end since they’re the ones hosting the pages.

New Member

Actually I just found out that the post I read was from 2013. Please disregard my request for an update - it is clear to me now that Shopify doesn't allow it any more.
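
How a browser evaluates the frame-ancestors directive discussed in this thread, as an added example that is not part of any post and is not Shopify's code. It is a simplified model: the parent origins other than the store URL are constructed, and the function names are hypothetical. It shows why the login page is refused inside any frame yet loads as a top-level document, which has no ancestors to check.

```javascript
// Simplified model of how a browser enforces frame-ancestors (added example).
// Not modelled: http->https upgrade matching; scheme-less hosts accept any scheme here.

// Return the frame-ancestors source list from a CSP header value, or null if absent.
function frameAncestorsSources(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Does one source expression match one ancestor origin?
function sourceMatches(source, ancestorOrigin, selfUrl) {
  const a = new URL(ancestorOrigin);
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return a.origin === new URL(selfUrl).origin;
  if (s === '*') return a.protocol === 'http:' || a.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return a.protocol === s; // scheme-source
  // host-source: [scheme://][*.]host[:port]; any path part is ignored here
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+))?/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && a.protocol !== scheme + ':') return false;
  const defaultPort = a.protocol === 'https:' ? '443' : '80';
  if (port ? (a.port || defaultPort) !== port : a.port !== '') return false;
  return wildcard ? a.hostname.endsWith('.' + host) : a.hostname === host;
}

// Framing is allowed only if EVERY ancestor matches at least one source.
function framingAllowed(cspHeader, selfUrl, ancestorOrigins) {
  const sources = frameAncestorsSources(cspHeader);
  if (sources === null) return true; // no directive: CSP adds no framing restriction
  return ancestorOrigins.every(anc =>
    sources.some(src => sourceMatches(src, anc, selfUrl)));
}

const LOGIN = 'https://our-store.myshopify.com/admin/auth/login'; // URL from the thread
const POLICY = "frame-ancestors 'none'";                          // header from the thread
console.log(framingAllowed(POLICY, LOGIN, ['https://new-app.example'])); // framed (constructed parent)
console.log(framingAllowed(POLICY, LOGIN, []));                          // top-level document
```

Because the check runs over every ancestor, a policy that allows the immediate parent still blocks the page when any outer frame is not on the list.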