A space to discuss online store customization, theme development, and Liquid templating.
I have a site: www.healthybeings.com
I have some of the pages created within shopify and some in Hubspot. When the user goes between shopify and hubpost the user is logged out of shopify. I need help with the top header where the user stays logged in, the search bar features in shopify work in Hubspot and with the shopping cart it show the number in the cart when on a hubspot page. I hired a programmer certified with shopify and hubspot but has had an issue with getting his code to work.
This is the last response i received from shopify:
Hi Trent,
Thank you for your reply. In the screenshot you provided of console, it's not showing frame-ancestors 'none' which is what we'd expect to see if Shopify's clickjacking security was still enabled. I don't know what frame-ancestors * is. A colleague thought there could be an issue with the developer viewing the website locally, but this really is out of our scope of support. The clickjacking security feature has definitely been disabled to allow your website to be viewed inside an iFrame.
I'd recommend posting in the Shopify Developers forum to see if anyone has come across this particular console warning before.
Is there anybody that can help me with this solution?
Thanks,
What's the console error? Pulling up this site, the console shows a few HTTP 404's. Which might be consequential if these elements are required in order for things to properly work...
It said: refused to frame [Web Address] because an ancestor violates the following content security policy directive: "frame-ancestors *".
I see now what you're getting at. If this is a parent/child IFrame scenario, then there are likely some restrictions that were put into place blocking via CORS policies. I believe that Shopify might have tightened things up not too long ago. One idea would be to have a middleware service that handles some of these API calls. Hit that service via a Shopify app proxy and then things should work. I'm just throwing ideas out there at this point, but it's something perhaps worth looking into!