FROM CACHE - en_header

Shopify App using Laravel keep rejecting because of Content Security Policy

ram_5
Shopify Partner
1 0 0
‎03-29-2023 08:47 AM

Hello Every One 
i'm developing my shopify App using Laravel and my App keep on recting because of Content security Policy 

First i have used the following code in middleware 

 $response = $next($request);
        $user = Auth::user();
        if($user){
            $response->header('Content-Security-Policy', "frame-ancestors https://{$user->name} https://admin.shopify.com");
        }
        return $response;
 
it's not adding any header 
  $response->header('Content-Security-Policy', "frame-ancestors https://{$user->name} https://admin.shopify.com" , false);
but if i use this code 
but it instead of adding frame-ancestors next to existing 'Content-Security-Policy' it duplicated the header and i see duplicate 'Content-Security-Policy' in header 
ram_5_0-1680092841053.png

 

ram_5_1-1680093979122.png

 

 

278 Views
0 Likes
Report
Reply 1 (1)
VideoFAQ
Shopify Partner
19 1 5
‎03-29-2023 03:08 PM

Hmm, I'm not 100% sure, but you can try updating your middleware code to modify the existing 'Content-Security-Policy' header instead of adding a new one. Here's an example of how you can do this:

$response = $next($request);
$user = Auth::user();

if ($user) {
    $csp = $response->headers->get('Content-Security-Policy');
    $csp .= "; frame-ancestors https://{$user->name} https://admin.shopify.com";
    $response->headers->set('Content-Security-Policy', $csp);
}

return $response;

The above should first retrieve the existing 'Content-Security-Policy' header value using $response->headers->get('Content-Security-Policy'). Then, it appends the required 'frame-ancestors' directive to the existing value. Finally, it sets the modified 'Content-Security-Policy' header back to the response using $response->headers->set('Content-Security-Policy', $csp).

 

This approach should prevent duplicate 'Content-Security-Policy' headers and apply the necessary 'frame-ancestors' directive to your app.

 

I hope this helps!

- Video FAQ is the best solution for your FAQ. Check it out here.
- Generous free plan
- Best analytics in FAQs
- AI-generated questions and subtitles
247 Views
0 Likes
Report
Community Browser

Community Blog Articles

cropped-SYSO-okt23-GROW.png
Unlocking the Secrets of E-commerce Success: An Exclusive Interview with SY...

On our Shopify Expert Marketplace, you can find many trusted third party developers and fr...

By Arno Nov 27, 2023
cropped-shutterstock_offset_2207989361.jpg
Organize Your Products Like a Rainbow: Metafields and Color Sorting

You've downloaded the Search & Discovery app from the Shopify App store, and as you're ...

By Skye Nov 8, 2023
Jasonh_0-1698862247798.png
Community Connect: October Recap

The year-end shopping season is just around the corner. Is a flash sale on your radar? Are...

By Jasonh Nov 6, 2023
Terms of Service Privacy Policy