Is there a way to remove content-security-policy: frame-ancestors 'none'; from server's header?

Solved
YuriiSt
New Member
1 0 0

As a developer I was asked to create a demo App that shows our several Shopify pages via iframe.

I can see "content-security-policy: frame-ancestors 'none';" header added to Shopify server's response.

That blocks pages to be embed via iframe.

So is there a way to disable this header through some settings?

Thanks

Accepted Solution (1)

Accepted Solutions
iDoThemes
Trailblazer
153 33 54

This is an accepted solution.

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor

Theme Developer -- Drop me a line

View solution in original post

Reply 1 (1)
iDoThemes
Trailblazer
153 33 54

This is an accepted solution.

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor

Theme Developer -- Drop me a line

View solution in original post