Is there a way to remove content-security-policy: frame-ancestors 'none'; from server's header?

Solved
YuriiSt
New Member
1 0 0

As a developer I was asked to create a demo App that shows our several Shopify pages via iframe.

I can see "content-security-policy: frame-ancestors 'none';" header added to Shopify server's response.

That blocks pages to be embed via iframe.

So is there a way to disable this header through some settings?

Thanks

Accepted Solution (1)

Accepted Solutions
iDoThemes
Trailblazer
203 43 81

This is an accepted solution.

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor
.




Theme Developer -- Drop me a line

View solution in original post

Reply 1 (1)
iDoThemes
Trailblazer
203 43 81

This is an accepted solution.

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor
.




Theme Developer -- Drop me a line