Yes, we have added a new domain merch.app.totalvu.live to our shopify store and it appears within our iframe on our website. On that domain we are experiencing the following from the iframe on our website:
Refused to display 'https://shop.app/' in a frame because it set 'X-Frame-Options' to 'deny'.
Also these warnings which can be fixed by adjusting the Content Security Policy CSP of our store as well:
Also for cookies we are experiencingall of these fail due to the wrong settings (see below) Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.