Hello! My app was rejected in the initial screening. This is the full and only feedback I got from the reviewer:
- App must set security headers to protect against clickjacking.
There was an error opening your app in the Shopify admin. Your embedded app is loading an invalid URL (https://by.myapp.com/?embedded=1&hmac=88f41b41ca4b837169ed5612bbe45290d854f61d50d2fd3bac004a321811ba12&host=YXBwLXNlY3VyaXR5Lm15c2hvcGlmeSXXXXXXX&locale=en-CA&session=05ebaf86f65533aab5df9a7ee6bfd8878fbbada08dcabc88ce5a69bbe4d6e85c&shop=app-security.myshopify.com&timestamp=1665617421). Make sure it is valid. Learn more about testing your app before submitting.
No screenshots or screencasts were provided.
The URL in question is generated by the shopify_app Ruby gem (or Shopify itself), so it’s confusing why this would be rejected. I have no control over how the URL is generated.
My app is using shopify_app gem version 20.1.1. I’ve made sure that I have the correct frame-ancestors security headers set.
How can I fix this issue when I don’t have control over how the URL is generated, and how can I contact the reviewer to let them know?
Any insights are greatly appreciated!
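
A way to check the frame-ancestors header mentioned in the post above for a given shop, as an added example that is not part of the original post or of the shopify_app gem. It assumes the expected sources are the shop's own myshopify.com origin and https://admin.shopify.com; the function names and sample headers are constructed for illustration.

```ruby
# Added example: checks a Content-Security-Policy header value for the
# per-shop frame-ancestors directive an embedded app is expected to send.
# Assumption: the expected sources are the shop's own myshopify.com origin
# and https://admin.shopify.com, and anything else is reported.

SHOP_DOMAIN = /\A[a-z0-9][a-z0-9-]*\.myshopify\.com\z/

# Parse a CSP header value into { directive_name => [sources] }.
def parse_csp(header_value)
  header_value.to_s.split(";").each_with_object({}) do |part, out|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    # Per CSP, the first occurrence of a directive wins; later ones are ignored.
    out[name.downcase] ||= sources
  end
end

# Return a list of problems (empty when the header is acceptable).
def frame_ancestors_problems(header_value, shop)
  # Reject anything that is not a plain shop domain before building origins from it.
  return ["shop is not a valid myshopify.com domain"] unless shop.to_s.match?(SHOP_DOMAIN)

  sources = parse_csp(header_value)["frame-ancestors"]
  return ["no frame-ancestors directive"] if sources.nil?

  problems = []
  expected = ["https://#{shop}", "https://admin.shopify.com"]
  missing = expected - sources
  problems << "missing sources: #{missing.join(' ')}" unless missing.empty?
  extra = sources - expected
  problems << "unexpected sources: #{extra.join(' ')}" unless extra.empty?
  problems
end

# Constructed sample headers for the shop named in the rejected URL.
SHOP = "app-security.myshopify.com"
GOOD = "frame-ancestors https://app-security.myshopify.com https://admin.shopify.com;"
STATIC = "default-src 'self'; frame-ancestors https://other-shop.myshopify.com https://admin.shopify.com"
WILDCARD = "frame-ancestors *"

if __FILE__ == $PROGRAM_NAME
  { "good" => GOOD, "static" => STATIC, "wildcard" => WILDCARD, "none" => "" }.each do |label, value|
    puts "#{label}: #{frame_ancestors_problems(value, SHOP).inspect}"
  end
end
```

The `STATIC` case is the one worth looking for: a header hard-coded for one shop passes a spot check on that shop and fails for every other store that loads the app.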