How can I fix the error " because it violates the following Content Security Policy directive: "child-src 'self' https://*...?

New Member

Hi,

I am building an Amazon affiliate site with Shopify using the Supply theme. When I embed the Amazon iframe into a Shopify page, it can't load the products on page 2 of the frame, like this:

As shown in the picture, the error is : Refused to frame 'http://astore.amazon.com/ha12345-20?node=1&page=2' because it violates the following Content Security Policy directive: "child-src 'self' https://* blob: data:".

How can I fix this? I really need help.

Thank you for reading! 

0 Likes
Shopify Expert

Hey Mekeo,

Without seeing a live link to your store this does make things harder to troubleshoot.

Have you tried using a secure URL for the iframe - so https://... vs http://...?

★ Winning Partner of the Build a Business competition. ★ http://freakdesign.com.au
0 Likes
New Member

Thank you for replying Jason,

Here is the live link : https://atozhouse.net/pages/embellishments

You are right, the problem is http and https, but I don't know how to fix it.

There seems to be no way to change Amazon's iframe code (or I don't know). Is there anything I can do with Shopify?

I would be very grateful if you can help. Thank you very much.

0 Likes
Tourist

Hello Jason,

I am also facing the same issue.

I'm developing an app that should display a form to get some user credentials regarding a 3rd party service. So, I enter "https://x.x.x.x.x:803/web" as my App URL, which serves SSL traffic through a self-signed certificate. I am able to open this URL in my browser and when I accept the security issue about the certificate, I am able to see my app.

However, this does not happen in the Shopify admin interface. I see the iframe is generated with that src, but then Chrome says:

"Refused to frame 'https://x.x.x.x:803/' because it violates the following Content Security Policy directive: "child-src 'self' https://* shopify-pos://*". Note that 'frame-src' was not explicitly set, so 'child-src' is used as a fallback."

Requests to the server have been blocked by an extension.

0 Likes
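
An added example, not part of the thread and not Shopify's or any browser's code: a simplified subset of CSP Level 3 source-list matching, showing how the two `child-src` lists quoted in the error messages above are evaluated against a framed URL. All function names are made up for this illustration, and the matcher ignores paths, nonces and hashes.

```javascript
// Simplified subset of CSP Level 3 source-list matching (added example).
// Not modelled: paths, nonces/hashes, and the http -> https upgrade for 'self'.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function parseSource(expr) {
  if (expr === "'self'") return { kind: 'self' };
  // scheme-source such as "blob:" or "data:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return { kind: 'scheme', scheme: expr.toLowerCase() };
  // host-source: [scheme://]host[:port][/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(expr);
  if (!m) return { kind: 'unsupported' };
  const scheme = m[1] ? m[1].toLowerCase() + ':' : null;
  return { kind: 'host', scheme, host: m[2].toLowerCase(), port: m[3] || null };
}

// An http: expression also covers https: URLs, never the reverse.
const schemeMatches = (exprScheme, urlScheme) =>
  exprScheme === urlScheme || (exprScheme === 'http:' && urlScheme === 'https:');

function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// With no port in the expression, only the scheme's default port matches.
function portMatches(exprPort, url) {
  const fallback = DEFAULT_PORTS[url.protocol] || '';
  if (exprPort === '*') return true;
  return (url.port || fallback) === (exprPort === null ? fallback : exprPort);
}

function allowsFrame(sourceList, frameUrl, pageOrigin) {
  const url = new URL(frameUrl);
  return sourceList.trim().split(/\s+/).some((expr) => {
    const src = parseSource(expr);
    if (src.kind === 'self') return url.origin === pageOrigin;
    if (src.kind === 'scheme') return schemeMatches(src.scheme, url.protocol);
    if (src.kind !== 'host') return false;
    const scheme = src.scheme || new URL(pageOrigin).protocol;
    return schemeMatches(scheme, url.protocol) &&
      hostMatches(src.host, url.hostname) && portMatches(src.port, url);
  });
}

// Source lists copied from the two error messages in the thread.
const STOREFRONT_SOURCES = "'self' https://* blob: data:";
const ADMIN_SOURCES = "'self' https://* shopify-pos://*";
```

Calling `allowsFrame(STOREFRONT_SOURCES, 'http://astore.amazon.com/ha12345-20?node=1&page=2', 'https://atozhouse.net')` returns `false` because no entry in the list covers the `http:` scheme. A URL on port 803 fails `https://*` as well, since an expression without a port only matches the scheme's default port.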