Hello guys, I am facing an issue with verifying the public app on Shopify. It shows the error as shown in the figure. We are using Shopify-app gem for installation.
The errors are pretty self explanatory but someone seemed to have copy and pasted the description of the problem twice instead of proving you with the correct descriptions for the errors.
The first error is that you need to set the response header when serving your app.
If you have an embedded app you need to set the content security policy header to the shops myshopify.com address and admin.shopify.com
Content-Security-Policy: frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com;
for a non-embedded app set it to "none"
The text of the 1st error however indicates a problem with the OAuth flow. When the app is installed it MUST immediately redirect to Shopify to get the scopes approved. See this link for an explanation or see the below image.
The 2nd error seems to indicate that you are not verifying that requests are coming from shopify. You need to validate any calls to your app by inspecting the X-Shopify-Hmac-SHA256 headers HMAC and ensuring that it's valid.
Hope that helps.