
App review clickjacking

KhoaNguyenDev
Shopify Partner
3 0 0

Hi,

I have an issue with clickjacking when submitting the app for review: "App must set security headers to protect against clickjacking."

Currently, I'm using ReactJs and .NET Core Web API and following these instructions https://shopify.dev/apps/store/security/iframe-protection, using craco and react-app-rewired to modify the response header in Create React App, but it still doesn't work.

 

Replies 2 (2)

JuanH
Shopify Partner
7 1 2

Similar issue here. I submitted the app and it was rejected with this message:

 

App must set security headers to protect against clickjacking.
There was an error opening your app in the Shopify admin. Your embedded app is redirecting the top frame outside of the Shopify admin URL (https://app-security.myshopify.com/admin/settings/apps?app_id=1234567&oauth_error=same_site_cookies). Embedded apps are expected to be rendered within the iframe. Learn more about testing your app before submitting.

 

They added this image for reference, the URL looks like:
https://mysite.com/auth?hmac=...&host=...&shop=coffeewithmee.myshopify.com&timestam...

 

Has anyone had a similar error or know what the solution might be?

 

ktrzcins
Shopify Partner
13 1 1

Hi, I am facing the same issue. Did you manage to resolve it? Thanks.
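
An added example, not part of the thread and not Shopify's code: the iframe-protection page linked in the first post asks embedded apps to send a per-shop `Content-Security-Policy: frame-ancestors` header on the response that serves the app's HTML. The sketch below builds that header from the `shop` query parameter and audits a set of response headers against it; the function names, the `app.invalid` base URL and the sample shop domain are assumptions made for illustration.

```javascript
// Added example (not from the thread). Names and shop domains are constructed.
// Shop domains are <handle>.myshopify.com; anything else is rejected so the
// `shop` query parameter cannot smuggle extra sources into the header.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// Build the CSP value for the response that serves the app's HTML.
function frameAncestorsFor(shop) {
  const s = typeof shop === "string" ? shop.toLowerCase() : "";
  if (!SHOP_RE.test(s)) return "frame-ancestors 'none';"; // refuse framing
  return `frame-ancestors https://${s} https://admin.shopify.com;`;
}

// Derive the header from the incoming request URL (e.g. /auth?shop=...).
function cspForRequest(requestUrl) {
  const url = new URL(requestUrl, "https://app.invalid"); // base for parsing only
  return frameAncestorsFor(url.searchParams.get("shop"));
}

// Self-check: given the headers a response actually carried, list what a
// clickjacking review would object to for this shop.
function auditHeaders(shop, headers) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const csp = lower["content-security-policy"];
  if (!csp) return ["no Content-Security-Policy header on the response"];
  const directive = csp.split(";").map((d) => d.trim())
    .find((d) => /^frame-ancestors(\s|$)/i.test(d));
  if (!directive) return ["CSP has no frame-ancestors directive"];
  const sources = directive.split(/\s+/).slice(1);
  const problems = [];
  if (sources.includes("*")) {
    problems.push("frame-ancestors allows any origin");
  }
  if (!sources.includes(`https://${shop}`)) {
    problems.push("shop domain is not allowed to frame the app");
  }
  if (!sources.includes("https://admin.shopify.com")) {
    problems.push("admin.shopify.com is not allowed to frame the app");
  }
  return problems;
}
```

Feed `auditHeaders` the headers of the response that actually serves the app's HTML in production; headers configured only on a development server are not present there.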