Shopify app using Laravel keeps getting rejected because of Content Security Policy

Shopify Partner

Hello everyone,
I'm developing my Shopify app using Laravel, and my app keeps getting rejected because of the Content Security Policy.

First, I used the following code in middleware:

    $response = $next($request);
    $user = Auth::user();
    $response->header('Content-Security-Policy', "frame-ancestors https://{$user->name}");
    return $response;

It's not adding any header. But if I use this code:

    $response->header('Content-Security-Policy', "frame-ancestors https://{$user->name}", false);

then instead of adding frame-ancestors next to the existing 'Content-Security-Policy', it duplicates the header, and I see a duplicate 'Content-Security-Policy' in the headers.





Reply 1 (1)
Shopify Partner

Hmm, I'm not 100% sure, but you can try updating your middleware code to modify the existing 'Content-Security-Policy' header instead of adding a new one. Here's an example of how you can do this:

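$response = $next($request);
$user = Auth::user();

if ($user) {
    // Read the policy already set on the response (null if there is none).
    $csp = $response->headers->get('Content-Security-Policy');
    $directive = "frame-ancestors https://{$user->name}";
    // Append to the existing policy, or use the directive alone when none is set.
    $csp = $csp ? "{$csp}; {$directive}" : $directive;
    // set() replaces the header value, so only one header is sent.
    $response->headers->set('Content-Security-Policy', $csp);
}

return $response;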

The above should first retrieve the existing 'Content-Security-Policy' header value using $response->headers->get('Content-Security-Policy'). Then, it appends the required 'frame-ancestors' directive to the existing value. Finally, it sets the modified 'Content-Security-Policy' header back to the response using $response->headers->set('Content-Security-Policy', $csp).


This approach should prevent duplicate 'Content-Security-Policy' headers and apply the necessary 'frame-ancestors' directive to your app.


I hope this helps!

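An added example, not code from either post: a stand-alone PHP helper that merges `frame-ancestors` into an existing policy string so the result carries the directive exactly once, and that validates the host before it is interpolated into the header. The function name `withFrameAncestors`, the hostname pattern, and the sample host are assumptions made for illustration; the existing header is assumed to hold a single policy (no comma-separated list).

```php
<?php
declare(strict_types=1);

/**
 * Return $existingCsp with exactly one frame-ancestors directive for $shopHost.
 * Hypothetical helper for illustration; not part of Laravel or any Shopify library.
 */
function withFrameAncestors(?string $existingCsp, string $shopHost): string
{
    // The host ends up inside a response header, so accept only a plain hostname:
    // no spaces, ';', ',' or CR/LF that could add directives or split the header.
    $hostname = '/\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\z/i';
    if (!preg_match($hostname, $shopHost)) {
        throw new InvalidArgumentException('Invalid shop host');
    }

    $directives = [];
    foreach (explode(';', $existingCsp ?? '') as $directive) {
        $directive = trim($directive);
        if ($directive === '') {
            continue; // skip empty segments such as a trailing ';'
        }
        // Drop any earlier frame-ancestors: within one policy the browser keeps
        // only the first occurrence of a directive, so an appended copy is ignored.
        $name = preg_split('/\s+/', $directive, 2)[0];
        if (strcasecmp($name, 'frame-ancestors') === 0) {
            continue;
        }
        $directives[] = $directive;
    }
    $directives[] = "frame-ancestors https://{$shopHost}";

    return implode('; ', $directives);
}

// Constructed sample inputs: no policy, a policy without frame-ancestors,
// and a policy that already restricts framing.
$samples = [
    null,
    "default-src 'self'",
    "default-src 'self'; frame-ancestors 'none'",
];
foreach ($samples as $existing) {
    echo withFrameAncestors($existing, 'example-store.myshopify.com'), PHP_EOL;
}
```

In the middleware, the returned string would be passed to `$response->headers->set('Content-Security-Policy', ...)`, which replaces the header rather than adding a second one.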