FROM CACHE - en_header
Promotion image

Iframe protection for embedded app modals

Iframe protection for embedded app modals

boronine
Shopify Partner
12 2 12
‎09-23-2022 09:23 AM

We are implementing iframe protection according to the following docs:

https://shopify.dev/apps/store/security/iframe-protection

 

Our app also uses App Bridge modals which are loaded in an iframe by Shopify. But the documentation makes no mention of modals. Must they also implement iframe protection?

 

It seems that implementing this feature securely is not trivial for modals. In the parent frame we can use Shopify-provided HMAC signature in the URL params, but in the iframe the only way to do this seems to be by appending a token to the modal iframe URL.

Founder and tech lead for Simple Affiliate:
https://apps.shopify.com/simple-affiliate
709 Views
0 Likes
Report
Replies 0 (0)

Community Blog Articles

shopp-e-1741972742895593780274096851.png
Canadian merchants: Update account details by March 24, 2025 to continue us...

Shopify and our financial partners regularly review and update verification requiremen...

By Jacqui Mar 14, 2025
Shopify_0-1741780029041.png
New learning path from Shopify Academy: How to create a digital marketing s...

Unlock the potential of marketing on your business growth with Shopify Academy's late...

By Shopify Mar 12, 2025
CRO-Community-Promo.jpg
Expert insights on conversion rate optimization (CRO) from Shopify Academy ...

Learn how to increase conversion rates in every stage of the customer journey by enroll...

By Shopify Mar 5, 2025
Terms of Service Privacy Policy