App review clickjacking

KhoaNguyenDev
Shopify Partner

Hi,

I have an issue with clickjacking when submitting the app for review: "App must set security headers to protect against clickjacking."

Currently, I'm using ReactJS and .NET Core Web API and following these instructions: https://shopify.dev/apps/store/security/iframe-protection, using craco and react-app-rewired to modify the response header in Create React App, but it still doesn't work.

 

Replies 2 (2)

JuanH
Shopify Partner

Similar issue here. I submitted the app and it was rejected with this message:

 

App must set security headers to protect against clickjacking.
There was an error opening your app in the Shopify admin. Your embedded app is redirecting the top frame outside of the Shopify admin URL (https://app-security.myshopify.com/admin/settings/apps?app_id=1234567&oauth_error=same_site_cookies). Embedded apps are expected to be rendered within the iframe. Learn more about testing your app before submitting.

 

They added this image for reference, the URL looks like:
https://mysite.com/auth?hmac=...&host=...&shop=coffeewithmee.myshopify.com&timestam...

 


 

Has anyone had a similar error or know what the solution might be?

 

ktrzcins
Shopify Partner

Hi, I am facing the same issue. Did you manage to resolve it? Thanks.
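
For the "App must set security headers to protect against clickjacking" requirement quoted in this thread, the following is an added example (not code from any poster or from Shopify) of setting a per-shop `Content-Security-Policy: frame-ancestors` header from the .NET side, which applies to every response the server sends. It assumes .NET 6+ minimal hosting, that the React build is served from `wwwroot`, and that the shop domain arrives in the `shop` query parameter as in the `/auth` URL above.

```csharp
// Added example: ASP.NET Core middleware that emits a per-shop frame-ancestors policy.
using System.Text.RegularExpressions;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
var app = builder.Build();

// Only hostnames of exactly this form may reach the header value.
// \A and \z anchor the whole string, so trailing newlines or extra hosts are rejected.
var shopPattern = new Regex(@"\A[a-z0-9][a-z0-9\-]*\.myshopify\.com\z",
    RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

app.Use(async (context, next) =>
{
    // Assumption: the embedded request carries ?shop=<name>.myshopify.com.
    // Repeated "shop" parameters are joined with commas and fail the pattern.
    string? shop = context.Request.Query["shop"];

    string ancestors = shop is not null && shopPattern.IsMatch(shop)
        ? $"https://{shop.ToLowerInvariant()} https://admin.shopify.com"
        : "'none'"; // missing or malformed shop: do not allow framing at all

    // Set before the rest of the pipeline runs so the header is present on
    // the HTML document, static files and redirects alike.
    context.Response.Headers["Content-Security-Policy"] =
        $"frame-ancestors {ancestors};";

    await next(context);
});

app.UseStaticFiles();                 // built React bundle (assumed to be in wwwroot)
app.MapControllers();                 // the Web API endpoints
app.MapFallbackToFile("index.html");  // SPA entry point
app.Run();
```

Document requests that arrive without a `shop` parameter fall back to `'none'` here; an app that reloads inside the iframe on such routes would need to look the shop up from its own session instead. The header can be checked on the deployed URL with `curl -I "https://<your-app-host>/?shop=<name>.myshopify.com"`.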