I’m trying to use an iframe to embed some content from another page on a Shopify store, but Shopify’s CSP seems to block ALL iframes as it outputs:
frame-ancestors: 'none'
whereas I ideally need to safelist the specific page, e.g.:
frame-ancestors: https://example.com/pages/my-page
or at least enable site-wide same-origin frames, i.e.:
frame-ancestors: self
I’ve seen a lot of discussion around this being a setting on Shopify Apps, but what about Shopify Themes? Surely depending on JavaScript and using fetch can’t be the only option?