Hi all,
i have submit the app but app get rejected
Your primary app listing has 1 issues to fix before you can submit your app for review
- App must set security headers to protect against clickjacking.
To prevent clickjacking attacks, your app must set the [proper content security policy directive](https://shopify.dev/apps/store/security/iframe-protection). If your app is not embedded in an Iframe in the Shopify admin, and you are seeing this message, check your app's settings and make sure it is set to "non-embedded." If your app is embedded, then we expect the 'Content-Security-Policy' header to be **frame-ancestors** **[https://admin.shopify.com](https://admin.shopify.com) https://[shop].myshopify.com**, where [shop] is dynamically set to the shop domain the app is embedded on.
app backed in node express js . csp added into the express all request. below i mention the code.
res.setHeader(
"Content-Security-Policy",
`frame-ancestors https://${shop} [https://admin.shopify.com](https://admin.shopify.com);`
);