I’m trying to implement 3rd party API and its working on localhost. But after deployment on oxygen server refusing API due to content security policy, Can you please help me to resolve it.

3rd Party API

Third‑party API calls work on localhost but are blocked after deployment on Oxygen due to Content Security Policy (CSP) restrictions.

Key points:

In Oxygen, developers must manage CSP headers themselves. The likely cause is the API’s domain not being allowed by the CSP, so the browser blocks requests.
Resolution path 1: Update the site’s CSP header to include the third‑party API’s origin (e.g., in connect-src for fetch/XHR; possibly script-src if loading scripts).
Resolution path 2 (recommended to avoid CSP changes): Move API calls from client‑side to server‑side (e.g., in actions or loaders), then return the needed data to the client.

Resources:

An example Oxygen + Hydrogen setup is linked for guidance, though it doesn’t provide a direct CSP snippet.

Status:

No final code sample provided in-thread; actionable options are identified, with a server‑side proxy approach as the latest suggestion.

Summarized with AI on December 30. AI used: gpt-5.

Lucent January 29, 2024, 1:21pm 3

Can I have example code please?

Topic		Replies	Views
Hydrogen \| 3rd party API calls not working on Oxygen Custom Storefronts	3	22	March 23, 2023
Unable to edit Content Security Policy for Shopify Hydrogen App Custom Storefronts troubleshooting	2	126	May 21, 2024
Hydrogen not integrating with Mux / violating Content Security Policy Custom Storefronts troubleshooting	1	15	July 6, 2024
Content-Security-Policy problem for Shopify app in Chrome, not in Safari Shopify Apps shopify-apps	3	208	July 9, 2024
Getting ERR_BAD_REQUEST when hitting 3rd party API from an Hydrogen storefront deployed in Oxygen Custom Storefronts troubleshooting	1	23	June 17, 2024