Automated Review: Your embedded app is loading an invalid URL

Yusman · ‎09-21-2022

Hi everyone. Please can anyone help with a recent automated rejection message we got ?

The rejection says: App must set security headers to protect against clickjacking: There was an error opening your app in the Shopify admin. Your embedded app is loading an invalid URL. <Prints url called to get our app from Shopify admin>. Make sure it is valid.

When you install and load our embedded app on the Shopify Admin, the app loads fine. When we follow the steps to setup iframe protection: https://shopify.dev/apps/store/security/iframe-protection, that all works fine on our app.

We believe the problem is with the Shopify Admin (or browser?) cancelling the first request to fetch our app, and then firing a second request. It seems the automated test only waits for the response of the first request, and assumes the app does not load. (see attached image)

We have previously passed automated stages of the app review, so we believe this could be a recent change from Shopify somewhere.

Any help will be appreciated.

frodrigues · ‎09-21-2022

Exactly the same problem with me, first request gets cancelled, second one goes through and iframe loads fine in development store

https://community.shopify.com/c/shopify-apis-and-sdks/app-submission-invalid-url-error/td-p/1747008

yasir_naseer · ‎10-09-2022

Greetings, are you able to resolve this issue?

Yusman · ‎10-09-2022

We just resubmitted the app and did not get the auto rejection. I assume Shopify resolved it.

yasir_naseer · ‎10-09-2022

oh i see, so basically you resubmitted the app, without doing any changes for this issue? or have you done some changes?

Yusman · ‎10-09-2022

No changes. We just resubmitted as was.

Maciej_Regula · ‎10-10-2022

@Yusman But after the application passed the automated tests, do you still see the canceled request in the network tab?

This is extremely frustrating because earlier my app passed automated tests and was rejected by manual reviewer. Now I am stuck on the first requirement of application approval but nothing changed in the code of my application.

Does anybody have a similar problem? Why the first request is canceled? I believe this is the reason for rejection.

Yusman · ‎10-10-2022

I haven’t checked for that again, I’ll check if it’s still canceled, and I’ll let you know

Yusman · ‎10-10-2022

I just checked again on our app. it's still cancels first request.

Maciej_Regula · ‎10-11-2022

Ok thanks for the reply. This is so weird. It seems that the canceled request is not the problem.

Maciej_Regula · ‎10-10-2022

I have the same problem. I can see in the network tab that first request is canceled. @yasir_naseer did you resubmit your app. Did they accept it?

ScalaApps · ‎10-10-2022

Im getting the exact same error but it only happens in my test apps, the published ones do not get the first request cancelled

Scala Apps

- If you find my reply helpful, please hit Like and Mark as Solution

- Se você achar minha resposta útil, por favor clique em Curtir e Marcar como Solução

Parcelamento/Installments | Hide sold variants | Apps | Blog

ScalaApps · ‎10-11-2022

Just a hypothesis, but have you guys tested clearing the "shopifyTestCookie" cookie?

I tested removing the "shopifyTestCookie" it from my browser and it stopped showing stalled requests.

It also stopped showing "prefetch" queries, maybe they use the cookies to pre render stuff and something goes wrong when you don't erase cookies after auth?

Scala Apps

- If you find my reply helpful, please hit Like and Mark as Solution

- Se você achar minha resposta útil, por favor clique em Curtir e Marcar como Solução

Parcelamento/Installments | Hide sold variants | Apps | Blog

MarkNZL · ‎10-19-2022

Also having the same issue. The headers are present but I notice that the first request is canceled when loading the app, did you ever get this resolved?

Kris_Doyle · ‎06-30-2023

Bumping this question as I'm running into this myself now. In my case, I don't get any errors regarding clickjacking, I just get the first cancelled request with 0 bytes. Second request is fine. Same payload, same everything.

If anyone solved this, I'd LOVE to know how 😉

ThreeGoldenMonk · ‎11-16-2022

Hello, I don't know if it will help but, apart from the content 
frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com 
I see that you have a ";" at the very end. in my case I use only 
frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com
I hope it helps
Cheers

felixmpaulus · ‎11-22-2023

still encountering this issue. My first request gets cancelled. This is causing longer load times for my app.

So if anyone of you got this figured out, I would appreciate a solution! 🙂

✅ Add bullet points to your productpage with Bloom: Product Feature Bullets
✅ Increase branding and conversion. Set your store apart.
❤️ Free Plan available. Exclusively 5-star reviews.

✅ Transform product photos into interactive 3D models with Fira: AI Video to 3D Model
✅ Boost engagement and reduce returns with immersive shopping experiences.
 Easy setup with AI-powered conversion from regular videos to 3D models.

Automated Review: Your embedded app is loading an invalid URL