Solved

Is there a way to remove content-security-policy: frame-ancestors 'none'; from server's header?

YuriiSt
Visitor
1 0 0

As a developer I was asked to create a demo App that shows our several Shopify pages via iframe.

I can see "content-security-policy: frame-ancestors 'none';" header added to Shopify server's response.

That blocks pages to be embed via iframe.

So is there a way to disable this header through some settings?

Thanks

Accepted Solution (1)

iDoThemes
Trailblazer
207 43 91

This is an accepted solution.

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor
.




Theme Developer -- Drop me a line

View solution in original post

Reply 1 (1)

iDoThemes
Trailblazer
207 43 91

This is an accepted solution.

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor
.




Theme Developer -- Drop me a line