Automated Review: Your embedded app is loading an invalid URL

Yusman
Tourist
6 1 6

 

Hi everyone. Please can anyone help with a recent automated rejection message we got ?

The rejection says: App must set security headers to protect against clickjacking: There was an error opening your app in the Shopify admin. Your embedded app is loading an invalid URL. <Prints url called to get our app from Shopify admin>. Make sure it is valid.

When you install and load our embedded app on the Shopify Admin, the app loads fine. When we follow the steps to setup iframe protection: https://shopify.dev/apps/store/security/iframe-protection, that all works fine on our app.

We believe the problem is with the Shopify Admin (or browser?) cancelling the first request to fetch our app, and then firing a second request. It seems the automated test only waits for the response of the first request, and assumes the app does not load. (see attached image)

 

We have previously passed automated stages of the app review, so we believe this could be a recent change from Shopify somewhere.

 

Any help will be appreciated.
app_complain.png

 

Replies 16 (16)

frodrigues
Shopify Partner
9 0 3

Exactly the same problem with me, first request gets cancelled, second one goes through and iframe loads fine in development store

Screenshot 2022-09-21 at 14.29.02.png

https://community.shopify.com/c/shopify-apis-and-sdks/app-submission-invalid-url-error/td-p/1747008

yasir_naseer
Shopify Partner
8 0 3

Greetings, are you able to resolve this issue?

Yusman
Tourist
6 1 6
We just resubmitted the app and did not get the auto rejection. I assume Shopify resolved it.
yasir_naseer
Shopify Partner
8 0 3

oh i see, so basically you resubmitted the app, without doing any changes for this issue? or have you done some changes?

Yusman
Tourist
6 1 6
No changes. We just resubmitted as was.
Maciej_Regula
Shopify Partner
7 0 2

@Yusman But after the application passed the automated tests, do you still see the canceled request in the network tab?

 

This is extremely frustrating because earlier my app passed automated tests and was rejected by manual reviewer. Now I am stuck on the first requirement of application approval but nothing changed in the code of my application.

 

Does anybody have a similar problem? Why the first request is canceled? I believe this is the reason for rejection.

Yusman
Tourist
6 1 6
I haven’t checked for that again, I’ll check if it’s still canceled, and I’ll let you know
Yusman
Tourist
6 1 6

I just checked again on our app. it's still cancels first request.

Maciej_Regula
Shopify Partner
7 0 2

Ok thanks for the reply. This is so weird. It seems that the canceled request is not the problem.

Maciej_Regula
Shopify Partner
7 0 2

I have the same problem. I can see in the network tab that first request is canceled. @yasir_naseer did you resubmit your app. Did they accept it?

DaviAreias
Shopify Partner
37 0 6

Im getting the exact same error but it only happens in my test apps, the published ones do not get the first request cancelled

DaviAreias
Shopify Partner
37 0 6

Just a hypothesis, but have you guys tested clearing the "shopifyTestCookie" cookie

 

I tested removing the "shopifyTestCookie" it from my browser and it stopped showing stalled requests.

 

It also stopped showing "prefetch" queries, maybe they use the cookies to pre render stuff and something goes wrong when you don't erase cookies after auth?

MarkNZL
Shopify Partner
5 0 2

Also having the same issue. The headers are present but I notice that the first request is canceled when loading the app, did you ever get this resolved?

Kris_Doyle
Shopify Partner
140 1 41

Bumping this question as I'm running into this myself now. In my case, I don't get any errors regarding clickjacking, I just get the first cancelled request with 0 bytes. Second request is fine. Same payload, same everything. 

 

If anyone solved this, I'd LOVE to know how 😉

ThreeGoldenMonk
Shopify Partner
1 0 0
Hello, I don't know if it will help but, apart from the content 
frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com
I see that you have a ";" at the very end. in my case I use only
frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com I hope it helps Cheers

 

felixmpaulus
Shopify Partner
49 0 19

still encountering this issue. My first request gets cancelled. This is causing longer load times for my app.

 

So if anyone of you got this figured out, I would appreciate a solution! 🙂

Add bullet points to your productpage with Bloom: Product Feature Bullets
Increase branding and conversion. Set your store apart.
❤️ Free Plan available. Exclusively 5-star reviews.