Is there a way to remove content-security-policy: frame-ancestors 'none'; from server's header?

YuriiSt · November 15, 2021, 1:01pm

As a developer I was asked to create a demo App that shows our several Shopify pages via iframe.

I can see “content-security-policy: frame-ancestors ‘none’;” header added to Shopify server’s response.

That blocks pages to be embed via iframe.

So is there a way to disable this header through some settings?

Thanks

iDoThemes · November 16, 2021, 1:44am

Not from the Admin settings, though if you contact Shopify support and ask them, they should be able to toggle a flag for you that will allow you to render the store in an iframe.

Topic		Replies	Views
Frame-ancestors content security policy directive Technical Q&A	0	69	January 12, 2022
Unnecessarily strict and uncustomizable HTTP response headers (X-Frame-Options, CSP) Shopify Discussion troubleshooting , apps	4	289	May 28, 2024
Refused to frame app in shopify Authentication Setting-Up	3	409	August 22, 2024
Public App: Non Embedded - Content Security Policy Partners Discussion apps	0	21	May 19, 2022
App must set security headers to protect against click jacking Shopify Discussion apps	12	105	June 13, 2023

Is there a way to remove content-security-policy: frame-ancestors 'none'; from server's header?

Related topics