FROM CACHE - en_header
Promotion image

App rejected by shopify because of frame-ancestors content security policy directive

App rejected by shopify because of frame-ancestors content security policy directive

akshayks3
Visitor
2 0 3
‎02-11-2022 12:42 PM

Requirements that must be met before initial screening

  1. App must set security headers to protect against clickjacking.
    Your app must set the proper frame-ancestors content security policy directive to avoid clickjacking attacks. The 'content-security-policy' header should set frame-ancestors https://[shop].myshopify.com https://admin.shopify.com, where [shop] is the shop domain the app is embedded on.

App is made using shopify CLI (shopify app create node).

Where all should we put  'content-security-policy' header in the application code?

I have also added a theme app extension to this app. Is theme app extension causing this issue

565 Views
1 Like
Report
Replies 0 (0)

Community Blog Articles

shopp-e-1741972742895593780274096851.png
Verification requirement deadline fast approaching for Shopify Payments Can...

In Canada, payment processors, like those that provide payment processing services t...

By Jacqui Mar 14, 2025
Shopify_0-1741780029041.png
New learning path from Shopify Academy: How to create a digital marketing s...

Unlock the potential of marketing on your business growth with Shopify Academy's late...

By Shopify Mar 12, 2025
CRO-Community-Promo.jpg
Expert insights on conversion rate optimization (CRO) from Shopify Academy ...

Learn how to increase conversion rates in every stage of the customer journey by enroll...

By Shopify Mar 5, 2025
Terms of Service Privacy Policy