Hi,
I have an issue with clickjacking when submitting the app for review: "App must set security headers to protect against clickjacking."
Currently, I'm using ReactJS and .NET Core Web API and following these instructions https://shopify.dev/apps/store/security/iframe-protection, using craco and react-app-rewired to modify the response header in Create React App, but it still doesn't work.
Similar issue here. I submitted the app and it was rejected with this message:
App must set security headers to protect against clickjacking.
There was an error opening your app in the Shopify admin. Your embedded app is redirecting the top frame outside of the Shopify admin URL (https://app-security.myshopify.com/admin/settings/apps?app_id=1234567&oauth_error=same_site_cookies). Embedded apps are expected to be rendered within the iframe. Learn more about testing your app before submitting.
They added this image for reference, the URL looks like:
https://mysite.com/auth?hmac=...&host=...&shop=coffeewithmee.myshopify.com&timestam...
Has anyone had a similar error or know what the solution might be?
Hi, I am facing the same issue. Did you manage to resolve it? Thanks.
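For the ReactJS and .NET Core setup described in the first post, the sketch below is an added example (not code from any poster or from Shopify) of setting a per-shop `Content-Security-Policy: frame-ancestors` header on the server that returns the app's HTML. It assumes .NET 6+ minimal hosting, that the React build is served from `wwwroot`, and that the shop domain arrives in the `shop` query parameter as in the URL quoted above.

```csharp
// Program.cs (added example; file layout and names are assumptions)
using System.Text.RegularExpressions;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Accept only a well-formed <name>.myshopify.com host. The value is copied
// into a response header, so anything else must never reach it.
var shopPattern = new Regex(
    @"\A[a-z0-9][a-z0-9\-]*\.myshopify\.com\z",
    RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

app.Use(async (context, next) =>
{
    // Assumption: the embedded load carries ?shop=<name>.myshopify.com.
    // An app with an authenticated session can take the shop from there.
    string? shop = context.Request.Query["shop"];

    // Valid shop: allow framing by that shop's admin only.
    // Missing, repeated or malformed shop: forbid framing entirely.
    string ancestors = shop is not null && shopPattern.IsMatch(shop)
        ? $"https://{shop.ToLowerInvariant()} https://admin.shopify.com"
        : "'none'";

    // OnStarting runs just before headers are sent, so the value is
    // applied whichever later middleware writes the response body.
    context.Response.OnStarting(() =>
    {
        context.Response.Headers["Content-Security-Policy"] =
            $"frame-ancestors {ancestors};";
        return Task.CompletedTask;
    });

    await next();
});

app.UseStaticFiles();                  // React build output in wwwroot
app.MapFallbackToFile("index.html");   // SPA entry document
app.Run();
```

To check the result, request the app URL with a `shop` parameter and inspect the response headers of the HTML document itself; the header value should name that shop's domain rather than a fixed string.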