Hi,
I’m facing these two issues while submitting my app for review.
I’m using the ‘omniauth-shopify-oauth2’ to authenticate the request. I’ve also implemented session token authentication link(https://shopify.dev/apps/auth/oauth/session-tokens/getting-started)
-
App must set security headers to protect against clickjacking.There was an error installing your app.
The app must be installed to perform the security check. We expected OAuth to be initiated at https://app-security.myshopify.com/admin/oauth/authorize
but were redirected to https://shopshops-uat-hub.herokuapp.com/shopify_app?hmac=9bca25430b5372ee79de23c4625eb1daf3290fe8fa20ace44c7add429ed6f677&host=YXBwLXNlY3VyaXR5Lm15c2hvcGlmeS5jb20vYWRtaW4&shop=app-security.myshopify.com×tamp=1660569632.
Your app must request installation immediately after clicking “add app.” Apps must request shop access during installation, or reinstallation if the app was previously uninstalled from the shop.
Learn more about authentication in our developer documentation -
App must verify the authenticity of the request from Shopify.There was an error installing your app.
The app must be installed to perform the security check. We expected OAuth to be initiated at https://app-security.myshopify.com/admin/oauth/authorize
but were redirected to https://shopshops-uat-hub.herokuapp.com/shopify_app?hmac=9bca25430b5372ee79de23c4625eb1daf3290fe8fa20ace44c7add429ed6f677&host=YXBwLXNlY3VyaXR5Lm15c2hvcGlmeS5jb20vYWRtaW4&shop=app-security.myshopify.com×tamp=1660569632.
Your app must request installation immediately after clicking “add app.” Apps must request shop access during installation, or reinstallation if the app was previously uninstalled from the shop.
Learn more about authentication in our developer documentation
I have implement all of these
- Content-Security-Policy
- Oauth to authenticate the request
Kindly help me to fix these issues. Already app is rejected multiple times but not getting the fix of these.
Thanks
APP URL: https://shopshops-uat-hub.herokuapp.com/shopify_app