Development discussions around Shopify APIs
Hi.
I'm trying to use my app Shopify store on an external app, but I'm getting this error from x-frame-options.
I read in this forum about people having the same issue, but all the answers were outdated.
Does someone know if this can be disabled in the Shopify admin, or via Liquid code?
Also, I was reading about having to configure an access_token or frame_token, and if this is a solution, how can I configure it?
Thanks for your time reading this.
Hey @Gabriel_Ortiz,
Shopify doesn't allow shops to be served in an iframe, and the default behaviour for all storefront requests is to send the `X-Frame-Options` = `DENY` header. This prevents "clickjacking" (aka UI redress) attacks where a bad actor could use your site to trick and redirect users to a malicious site. More information about this can be found in the original API announcement here.
If you're trying to display your store contents in an external application, I recommend having a look at our storefront API docs here. The storefront API provides tools that allow you to get and display information about your store in mobile apps or on the web, and also allows you to easily use Shopify's checkout for fast and secure payment within your app.
JB | Solutions Engineer @ Shopify
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
@_JB thank you for the explanation. I see this post is old; however, I came across it today due to the fact that this implementation breaks mobile editing in Google Optimize, which is very annoying for conversion optimization testing.
Is there a workaround for this?
Google recommends setting X-Frame-Options: sameorigin. Since this means only the website could frame itself, would this be a security risk?
We recently ran into the same issue breaking our feature for clients.
+1 to @Adam_Hurlburt's suggestion on X-Frame-Options: sameorigin, and that provides good protection against malicious cross-domain actors.
Would the Shopify team please take a look and consider? @_JB
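To make the difference between the `DENY` and `sameorigin` values discussed in this thread concrete, here is an added example (not from any poster and not Shopify code) that models how a browser decides whether one page may frame another from the response headers. It assumes a single level of framing and exact-origin CSP sources only; `framingAllowed`, `parseFrameAncestors` and the `.example` hostnames are hypothetical names constructed for illustration.

```javascript
// Added example: would a browser let `parentOrigin` embed `framedUrl` in an iframe?
// Assumptions: one level of framing; CSP host sources are exact origins (no wildcards).
function parseFrameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent
}

function framingAllowed(headers, framedUrl, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const self = new URL(framedUrl).origin;
  const parent = new URL(parentOrigin).origin;

  const sources = parseFrameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
    return sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "'none'") return false;
      if (src === "*") return true;
      if (src === "'self'") return parent === self;
      try { return new URL(src).origin === parent; } catch { return false; }
    });
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;                 // nobody may frame, not even the site itself
  if (xfo === "SAMEORIGIN") return parent === self; // only the site may frame itself
  return true; // header absent or unrecognised (e.g. obsolete ALLOW-FROM): no restriction
}

// Constructed sample: a storefront and a third-party page that tries to embed it.
const shop = "https://shop.example/products";
const cases = [
  [{ "X-Frame-Options": "DENY" }, "https://tool.example"],
  [{ "X-Frame-Options": "SAMEORIGIN" }, "https://tool.example"],
  [{ "X-Frame-Options": "SAMEORIGIN" }, "https://shop.example"],
];
for (const [hdrs, parent] of cases) {
  console.log(JSON.stringify(hdrs), parent, "->", framingAllowed(hdrs, shop, parent));
}
```

Under this model, `SAMEORIGIN` still blocks every cross-origin parent and differs from `DENY` only in letting the site frame its own pages.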