FROM CACHE - en_header
Promotion image

We're moving the community! Starting July 7, the current community will be read-only for approx. 2 weeks. You can browse content, but posting will be temporarily unavailable. Learn more

How to solve "Content Security Policy" issue with store.

How to solve "Content Security Policy" issue with store.

fantashy1809
Tourist
4 0 3
‎05-29-2019 12:36 AM

Hi all,

I had a problem when I use <iframe> in my apps. This is my problem:

Refused to display, in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'". 

I build an app with localhost, I do not know how to solve this problem.

Thanks

 
 
10,937 Views
3 Likes
Report
Replies 7 (7)

Alex
Shopify Staff
1561 81 343
‎05-31-2019 01:44 PM

Can you share more details about your implementation? Are you placing an iframe inside your already embedded app, or on the storefront for example? With a bit more info I can replicate and look into what might be the issue for you.

 

Cheers.

Alex | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

10,894 Views
0 Likes
Report
In response to Alex

fantashy1809
Tourist
4 0 3
‎06-01-2019 01:17 PM

Hi Alex, 

I placed iframe inside my embedded app to load storefront page. I am building a third-party app to tracking behavior users, and imitate user behavior through position x, y to create a video which like record user. However, I read the policy change when load storefront page. So I am trying to find another alternative solution.

Thanks

 
 
 
10,883 Views
0 Likes
Report
In response to Alex

LD_
Shopify Partner
1 0 0
‎09-21-2022 10:01 AM

This issue is happens for us then store domain is different from admin domain. 

How to reproduce: Create draft order -> Send Invoice -> Review invoice -> [click on link with registered domain in Shopify inside].

 

To Shopify dev: If you apply this rule you should specify the registered domain at least or give us ability to set headers.

5,674 Views
0 Likes
Report

Mikecampbell
Visitor
1 0 1
‎01-14-2020 10:36 PM

First, ensure that the URL's you supplied in the App Whitelist and Auth callbacks are HTTPS.

Next, clear out your local storage (if the URL has changed since you last ran the app, and if anything goes wrong in general, this is a blunt tool to approach this).  It forces you to log out, clearing your cookies and such, and starts from scratch.

9,993 Views
1 Like
Report

1080
Shopify Partner
301 9 66
‎01-06-2023 04:11 AM

@Alex   I have same issue i am not render any iframe inside the embedded  app but still getting Error.  this error not replicated in unpublished app. when i move to production app. only one page this issue happens other page i can see it was load and working.

5,325 Views
0 Likes
Report
In response to 1080

Shiv7040
Shopify Partner
3 0 1
‎03-21-2023 07:58 AM

I am also having the same issue, the iframe doesn't load on my contact us page and showing the the error "because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'" please help

5,016 Views
0 Likes
Report
In response to Shiv7040

jonji
Shopify Partner
1 0 0
‎10-23-2023 09:38 PM

Have you fixed this issue?

3,202 Views
0 Likes
Report
Terms of Service Privacy Policy