Unable to verify public app in shopify.

syslin
Shopify Partner
16 0 3

Hello guys, I am facing an issue with verifying the public app on Shopify. It shows the error as shown in the figure. We are using Shopify-app gem for installation.

Image Pasted at 2022-2-22 14-17.png

Replies 2 (2)

garyrgilbert
Shopify Partner
397 40 165

The errors are pretty self explanatory but someone seemed to have copy and pasted the description of the problem twice instead of proving you with the correct descriptions for the errors.

 

The first error is that you need to set the response header when serving your app.

If you have an embedded app you need to set the content security policy header to the shops myshopify.com address and admin.shopify.com

 

Content-Security-Policy: frame-ancestors https://shopify-dev.myshopify.com https://admin.shopify.com;

 

 

for a non-embedded app set it to "none"

 

The text of the 1st error however indicates a problem with the OAuth flow.  When the app is installed it MUST immediately redirect to Shopify to get the scopes approved. See this link for an explanation or see the below image.

 

The 2nd error seems to indicate that you are not verifying that requests are coming from shopify. You need to validate any calls to your app by inspecting the X-Shopify-Hmac-SHA256 headers HMAC and ensuring that it's valid.

 

Hope that helps.

Cheers,

 

Gary

- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
syslin
Shopify Partner
16 0 3

Yes, we did add the content security policy but the app is still not accepted.

We are using rails 6.0.3 and shopify_app 17.

image (8).png