We need to be able to adjust our CSP Content Security Policy and X-Frame-Options for our store

Yes, we have added a new domain merch.app.totalvu.live to our Shopify store and it appears within our iframe on our website. On that domain we are experiencing the following from the iframe on our website:
POST https://shop.app/pay/session/start net::ERR_ABORTED 404
Refused to display 'https://shop.app/' in a frame because it set 'X-Frame-Options' to 'deny'.
Also these warnings which can be fixed by adjusting the Content Security Policy CSP of our store as well:

Screen Shot 2021-10-12 at 3.53.27 PM.png

Also, for cookies, we are seeing all of these fail due to the wrong settings (see below):
Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.

Also these with the same issue
Screen Shot 2021-10-12 at 3.54.00 PM.png

Hi, there haven't been any responses from support. Hoping someone will get back to us asap.
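
The two browser messages quoted in this thread come from header checks that can be reproduced offline. The following is an added example, not part of the original posts and not Shopify's code: it evaluates a response's framing headers and a Set-Cookie line the way the console messages describe. The function names, origins and header values are constructed for illustration, and a cookie with no SameSite attribute is assumed to default to Lax, as current Chromium-based browsers do.

```javascript
// Added example: names and sample values are constructed for illustration.
// Header names are expected in lower case, as Node and fetch() expose them.

// Can a response from selfOrigin render in a frame embedded by parentOrigin?
// Simplified: exact-origin sources only (no wildcard hosts), single ancestor.
function frameVerdict(headers, parentOrigin, selfOrigin) {
  const csp = headers["content-security-policy"] || "";
  const fa = csp.split(";").map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (fa) { // when present, frame-ancestors is used instead of X-Frame-Options
    const ok = fa.slice(1).some(s => s === "*" || s === parentOrigin ||
      (s === "'self'" && parentOrigin === selfOrigin));
    return { allowed: ok, decidedBy: "frame-ancestors" };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "sameorigin")
    return { allowed: parentOrigin === selfOrigin, decidedBy: "x-frame-options" };
  return { allowed: true, decidedBy: "none" };
}

// Why would this Set-Cookie value fail inside a cross-site iframe?
// Returns a list of issue codes; an empty list means it is usable cross-site.
function crossSiteCookieIssues(setCookie, isHttps) {
  const attrs = setCookie.split(";").slice(1).map(a => a.trim().toLowerCase());
  const sameSiteAttr = attrs.find(a => a.startsWith("samesite="));
  // Assumption: a missing SameSite attribute is treated as Lax.
  const sameSite = sameSiteAttr ? sameSiteAttr.split("=")[1] : "lax";
  const secure = attrs.includes("secure");
  const issues = [];
  if (sameSite !== "none") issues.push("not-sent-cross-site");
  else if (!secure) issues.push("samesite-none-needs-secure");
  if (secure && !isHttps) issues.push("secure-needs-https");
  return issues;
}

// Constructed sample mirroring the console message quoted in the post.
const parent = "https://parent.example", framed = "https://framed.example";
console.log(frameVerdict({ "x-frame-options": "deny" }, parent, framed));
console.log(frameVerdict(
  { "content-security-policy": `default-src 'self'; frame-ancestors ${parent}`,
    "x-frame-options": "deny" }, parent, framed));
console.log(crossSiteCookieIssues("sid=abc; Path=/; SameSite=None", true));
```

Both headers are set by the site being framed, so the embedding page cannot change the verdict from its own side.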