My app was reject for "Your embedded app is loading an invalid URL"

mattsears · ‎10-13-2022

Hello! My app was rejected in the initial screening. This is the full and only feedback I got from the reviewer:

1. App must set security headers to protect against clickjacking.
There was an error opening your app in the Shopify admin. Your embedded app is loading an invalid URL (https://by.myapp.com/?embedded=1&hmac=88f41b41ca4b837169ed5612bbe45290d854f61d50d2fd3bac004a321811ba...). Make sure it is valid. [Learn more about testing your app before submitting](https://shopify.dev/apps/store/review/testing).

No screenshots or screencasts were provided.

The URL in question is generated from the `shopify_app` Ruby gem (or Shopify itself) so it's confusing why this would be rejected. I have no control over how the url is generated.

My app is using shopify_app gem version 20.1.1. I've made sure that I have the correct frame-ancestors security headers set.

How can I fix this issue when I don't have control over how the url is generated and how can I contact the reviewer to let them know?

Any insights are greatly appreciated!

MarkNZL · ‎10-19-2022

Also having the same issue. The clickjacking headers are present but I notice that the first request is canceled when loading the app, did you ever get this resolved?

mattsears · ‎10-20-2022

Yes and no. I re-submitted the listing without changes a few days after the rejection and was able to get past the initial screening. Not sure if it was a temporary issue on Shopify's end or not.

My app was reject for "Your embedded app is loading an invalid URL"

My app was reject for "Your embedded app is loading an invalid URL"

Community Blog Articles