shopify team is sending me two issues again and again although I have resolved them

shopify team is sending me two issues again and again although I have resolved them

derenhg
Shopify Partner
15 0 2

shopify team is sending me two issues again and again although I have resolved them. here are these two issues

  • App must set security headers to protect against clickjacking.
    Your app must set the proper frame-ancestors content security policy directive to avoid clickjacking attacks. The 'content-security-policy' header should set frame-ancestors https://[shop].myshopify.com https://admin.shopify.com, where [shop] is the shop domain the app is embedded on.
  • App must verify the authenticity of the request from Shopify.
    Expected HTTP 401 (Unauthorized), but got HTTP 405 from {url}. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest. Learn more about verifying a webhook
  •  
Reply 1 (1)

VictorLi
Shopify Partner
4 0 0

Me too, tragic.