Have your say in Community Polls: What was/is your greatest motivation to start your own business?
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

User change a plan getting "refuse to display in a frame because it set 'X-Frame-Options' to 'deny'"

Solved

User change a plan getting "refuse to display in a frame because it set 'X-Frame-Options' to 'deny'"

chenster
Shopify Partner
134 5 30

Hello, I'm working on a Shopify marketing widget app. I got almost everything done except some weird issues when users changing the plan.

Currently, users have no problem installing the app after approve the free plan during install to use the app. 

The problem comes when users later attempt to change the plan. It gets " "refuse to display in a frame ...<URL>... because it set 'X-Frame-Options' to 'deny'".

On the pricing table each has a link that goes to a my app URL in this form

https:// <myawesomeapp>.com/shopify/add_plan/standard

chenster_0-1597459307563.png

..then app crashes with the error message in the browser console with 

Refused to display 'https://<sampleshpify-store>.myshopify.com/admin/charges/17838866591/request_recurring_application_charge?signatu...' in a frame because it set 'X-Frame-Options' to 'deny'.

chenster_1-1597459328567.png

I've tried to add X-Frame-Options "samesite" to Apache security.conf. No help.

I understand the browser stopped the webpage from displaying due to the X-Frame-Options settings as a security measure. But I have no idea how to get around this because the changing plan had come from the pricing table in the app website (e.g. myapp.com), then redirect to Shopify, all inside an iframe. 

I felt it has probably some fundamental architectural issues with my approach as I'm still new to Shopify app development (1 month into it).

Thanks! 

Cartoo
Accepted Solution (1)

chenster
Shopify Partner
134 5 30

This is an accepted solution.

Base on an older discussion, I got around the X-Frame-Option limitation by using the client-side redirect that forces the top parent window to go to the confirmation url.

$confirmation_client_load = <<< CONFIRMATION_CLIENT_LOAD
<html>
<head>
</head>
<body onload="onLoadDocument()">
<script type="text/javascript">
function onLoadDocument() {
console.log("here");
console.log('{$plan['confirmation_url']}');
window.top.location.href = '{$plan['confirmation_url']}';
}
</script>
</body>
</html>
CONFIRMATION_CLIENT_LOAD;
echo $confirmation_client_load;

 


Not sure if there's a more elegant solution, but it works for me for now.

Cartoo

View solution in original post

Reply 1 (1)

chenster
Shopify Partner
134 5 30

This is an accepted solution.

Base on an older discussion, I got around the X-Frame-Option limitation by using the client-side redirect that forces the top parent window to go to the confirmation url.

$confirmation_client_load = <<< CONFIRMATION_CLIENT_LOAD
<html>
<head>
</head>
<body onload="onLoadDocument()">
<script type="text/javascript">
function onLoadDocument() {
console.log("here");
console.log('{$plan['confirmation_url']}');
window.top.location.href = '{$plan['confirmation_url']}';
}
</script>
</body>
</html>
CONFIRMATION_CLIENT_LOAD;
echo $confirmation_client_load;

 


Not sure if there's a more elegant solution, but it works for me for now.

Cartoo