Hi @PosstackThanh, have you tried to update your app following these instructions? https://shopify.dev/apps/auth/oauth/update/ruby 

In my case, the problem was on the Shopify side. There is a check in their docs under “The app is embedded, but isn't following the expected frame-ancestors guidelines” section: My app passed the check, so I took multiple screencasts of that check to...

Actually, we sent multiple emails to the support team of Shopify with screencasts and screenshots. And at the end of the day, they said that we do have proper content-security-headers. But they haven’t elaborated on why we were rejected during pre-sc...

Hi, we are using the shopify_app gem for Ruby on Rails. In ApplicationController, we have:before_action :content_security_headersAnd two methods: def content_security_headers response.headers['Content-Security-Policy'] = current_domain if request.g...

Hi, have you resolved that? I'm facing the same issue. 

Hi Max, all is well here. Stay strong and safe! Thanks I will try that. As for the reply from the Shopify, I'm still waiting for it. 

Hi Max, sorry for the late reply. I'm from Ukraine just received an opportunity to spend some time on the project.Our app is indeed embedded and public. Moreover, we have correct frame-ancestors headers on all of our pages and redirects in line with ...

Hi all, my app is getting rejected due to not proper frame-ancestors content security policy directive. But the app returns the right headers, I’ve checked that via the recommended way in Shopify docs (troubleshooting section). Moreover, after the fi...