How to unblock an iframe from our other site's domain?

Highlighted
New Member
2 0 0

We have a Shopify store, and we need to iframe specific content from our sister site, a different domain name. I could go into great detail but that is the bottom line, more details on request. I am sure many of you are aware that generally speaking Shopify policy blocks all iframes - but that isn't actually true, since URL's such as Vimeo videos, YouTube videos, Sketchfab 3d viewers, and random other links big and small are embedded just fine.

Shopify support is saying the only way to allow our external domain to be iframed is to turn off all blocking(clickjack protection) 100%, which we can request. But as I mentioned this doesn't make sense because numerous sites get through just fine as of now. I assume these sites are doing something to get through the blocking regardless? That is what Shopify suggests, and that I contact them to ask how they get around it - and/or post on the forums here to ask.

I have read and researched everything about X-Options and clickjack blocking etcetcetc. till I have a headache and no real tangible solution, just a lot of theory and facts on how the system supposedly functions and the stock fixes - none of which apply specifically to our issue(s). I am not a programmer, and I know a bare minimum HTML to get by. Our programmer does understand these things, but he is not a Shopify programmer and not an X-Options etc. expert. It's my understanding our programmer knows how to prevent others from embedding our domain content from our server side, but not how to get Shopify to specifically unblock it.

Any knowledge or suggestions on how to "whitelist" and/or unblock our specific external content in an iframe on Shopify would be appreciated. Whether Shopify side or on our server side. We are stuck.

Thank you very much in advance.
Cris

0 Likes
Highlighted
New Member
2 0 0

ADDENDUM:
All these sites/url's are able to get through the Shopify iframe blocking:

https://scriptasylum.com/rc_speed/top_speed.html
And of course direct url's to Vimeo and YouTube videos.
FYI - Sketchfab.com is blocked unless "/embed?=1"  is added to the url. Some server redirect on their side? Wild guess.
Similar with Vimeo and YouTube videos which are allowed in iframes.
If any of these clues has helped please let us know.
0 Likes