Hi,
I am facing this issue: Refused to frame 'https://mystore.myshopify.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'". I have specified all the required frame-ancestors values that have to be added; the implementation is below. Can someone please help me reach a solution?
header("Content-Security-Policy: frame-ancestors https://" . $shop . " https://admin.shopify.com");
// Redirect only when the browser reports that the request is for an iframe.
if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] == 'iframe') {
    redirect(base_url('shopifyapi/setup?embedded=' . $param . '&token=' . $result[0]->usertoken));
}
where $shop = 'mystore.myshopify.com '
and I am getting the value $_SERVER['HTTP_SEC_FETCH_DEST'] = document.
Hi Faiyaz,
This error message suggests that the CSP directive frame-ancestors 'none' is in effect, which means no domain is allowed to frame your content. This directive overrides any other frame-ancestors directive you set.
I'd recommend ensuring that your Content-Security-Policy header syntax is correct and that you're handling string concatenation properly in PHP, ensuring that variables are properly embedded within the string. You should also ensure that no other part of your application (or server configuration) is setting a conflicting CSP header with frame-ancestors 'none', and try clearing the browser cache or test in incognito mode, as browsers can aggressively cache headers, leading to misleading outcomes during troubleshooting.
Hope this helps!
Liam | Developer Advocate @ Shopify
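An added example, not part of the thread or of Shopify's code: a browser enforces every Content-Security-Policy header on a response, so framing succeeds only if each policy's frame-ancestors list permits the embedding origin. The PHP below applies that rule to a list of response header lines; the function names and the sample headers are constructed for illustration, and 'self' is assumed not to match because the embedding page is cross-origin.

```php
<?php
// Added example (hypothetical names): frame-ancestors list of each CSP policy.
function frameAncestorsPolicies(array $headerLines): array
{
    $policies = [];
    foreach ($headerLines as $line) {
        if (!preg_match('/^content-security-policy:(.*)$/i', trim($line), $m)) {
            continue; // the anchored name also skips the Report-Only header
        }
        foreach (explode(',', $m[1]) as $policy) { // comma separates policies
            foreach (explode(';', $policy) as $directive) {
                $t = preg_split('/\s+/', trim($directive), -1, PREG_SPLIT_NO_EMPTY);
                if ($t && strtolower($t[0]) === 'frame-ancestors') {
                    $policies[] = array_slice($t, 1);
                    break; // a repeated directive in one policy is ignored
                }
            }
        }
    }
    return $policies;
}

// Assumption: the ancestor is cross-origin, so 'self' and 'none' never match.
function sourceMatches(string $source, string $origin): bool
{
    $source = strtolower(rtrim($source, '/'));
    if (strpos($source, '://*.') !== false) { // e.g. https://*.myshopify.com
        [$scheme, $suffix] = explode('://*', $source, 2);
        return strpos($origin, $scheme . '://') === 0
            && substr($origin, -strlen($suffix)) === $suffix;
    }
    return $source === '*' || $source === $origin;
}

// Framing is allowed only if every policy that sets frame-ancestors permits it.
function framingAllowed(array $headerLines, string $ancestorOrigin): bool
{
    foreach (frameAncestorsPolicies($headerLines) as $sources) {
        $hits = array_filter($sources, fn($s) => sourceMatches($s, strtolower($ancestorOrigin)));
        if (!$hits) { return false; }
    }
    return true;
}

$response = [ // constructed: the app's header plus a conflicting second one
    'Content-Security-Policy: frame-ancestors https://mystore.myshopify.com https://admin.shopify.com',
    "Content-Security-Policy: frame-ancestors 'none'",
];
var_dump(framingAllowed($response, 'https://admin.shopify.com'));
var_dump(framingAllowed([$response[0]], 'https://admin.shopify.com'));
```

The URL quoted in the browser's "Refused to frame" message is the framed response whose headers carried the policy, so the header lines to check are the ones returned for that URL (for example from `curl -sI`).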
Hi Liam,
Thank you for your response.
As you recommended, I tried all the possible solutions and also set the .htaccess file (
)
and, on the point about the variable, I also checked it by adding the complete name of my store.
Same problem. Is there any information regarding this issue?