Hi everyone. Please can anyone help with a recent automated rejection message we got?
The rejection says: App must set security headers to protect against clickjacking: There was an error opening your app in the Shopify admin. Your embedded app is loading an invalid URL. <Prints url called to get our app from Shopify admin>. Make sure it is valid.
When you install and load our embedded app on the Shopify Admin, the app loads fine. When we follow the steps to set up iframe protection: https://shopify.dev/apps/store/security/iframe-protection, that all works fine on our app.
We believe the problem is with the Shopify Admin (or browser?) cancelling the first request to fetch our app, and then firing a second request. It seems the automated test only waits for the response of the first request, and assumes the app does not load. (see attached image)
We have previously passed automated stages of the app review, so we believe this could be a recent change from Shopify somewhere.
Any help will be appreciated.
Exactly the same problem with me, first request gets cancelled, second one goes through and iframe loads fine in development store
@Yusman But after the application passed the automated tests, do you still see the canceled request in the network tab?
This is extremely frustrating because earlier my app passed automated tests and was rejected by manual reviewer. Now I am stuck on the first requirement of application approval but nothing changed in the code of my application.
Does anybody have a similar problem? Why is the first request canceled? I believe this is the reason for rejection.
I have the same problem. I can see in the network tab that the first request is canceled. @yasir_naseer did you resubmit your app? Did they accept it?
Just a hypothesis, but have you guys tested clearing the "shopifyTestCookie" cookie?
I tested removing the "shopifyTestCookie" from my browser and it stopped showing stalled requests.
It also stopped showing "prefetch" queries, maybe they use the cookies to pre render stuff and something goes wrong when you don't erase cookies after auth?
Also having the same issue. The headers are present but I notice that the first request is canceled when loading the app, did you ever get this resolved?
Bumping this question as I'm running into this myself now. In my case, I don't get any errors regarding clickjacking, I just get the first cancelled request with 0 bytes. Second request is fine. Same payload, same everything.
If anyone solved this, I'd LOVE to know how 😉
Hello, I don't know if it will help, but apart from the content
frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com
I see that you have a ";" at the very end. In my case I use only
frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com
I hope it helps. Cheers
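For checking a header like the one quoted above, here is an added example (not code from any poster in this thread or from Shopify) that builds the per-shop `frame-ancestors` value and parses a received Content-Security-Policy value to confirm that only the shop origin and the admin origin are allowed. The function names and the shop-domain pattern are assumptions made for the example; the parser skips empty segments, so the value with and without the final ";" yields the same source list.

```javascript
// Added example, not code from the thread. SHOP_RE is an assumed pattern.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;
const ADMIN_ORIGIN = 'https://admin.shopify.com';

// Build the per-shop header value. The shop name comes from the request,
// so anything that is not a plain shop host is rejected.
function buildFrameAncestors(shop) {
  const host = String(shop).toLowerCase();
  if (!SHOP_RE.test(host)) throw new Error(`invalid shop domain: ${shop}`);
  return `frame-ancestors https://${host} ${ADMIN_ORIGIN};`;
}

// Split a CSP value into directives. Empty segments (such as the one after
// a trailing ';') are skipped, and the first occurrence of a directive wins.
function parseCsp(value) {
  const directives = new Map();
  for (const segment of value.split(';')) {
    const tokens = segment.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of problems. An empty list means the header allows exactly
// the shop origin and the Shopify admin origin to frame the app.
function checkFrameAncestors(value, shop) {
  const sources = parseCsp(value).get('frame-ancestors');
  if (!sources) return ['frame-ancestors directive missing'];
  const expected = [`https://${shop.toLowerCase()}`, ADMIN_ORIGIN];
  const got = sources.map((s) => s.toLowerCase());
  const problems = [];
  for (const origin of expected) {
    if (!got.includes(origin)) problems.push(`missing ${origin}`);
  }
  for (const s of got) {
    if (!expected.includes(s)) problems.push(`unexpected source ${s}`);
  }
  return problems;
}
```
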
Still encountering this issue. My first request gets cancelled. This is causing longer load times for my app.
So if any of you got this figured out, I would appreciate a solution! 🙂