Set the frame-ancestors in React with Polaris Embedded App

alammediacarry · January 6, 2023, 5:34pm

Hi there,

I am new in Shopify embedded app development. When we publish app to store it gets rejected with the error given in image.

So is there any proper solution that how we will add this policy into react app. Like i have used this one but no success.

And can we use this as headers to call API’s will it resolve the issue, like this.

axios.defaults.headers = {
“Content-Security-Policy”: frame-ancestors ${domain} admin.shopify.com;,
};

Lull · March 2, 2023, 12:01pm

Hi,
I have the same issue. Setting it with meta will not work, as apparently the frame-ancestors will not work on meta.
I don’t believe you should set it on the request to the API either - as I understand it, the header must be set on the response from the react app on URLs that render HTML.
But I am struggling to solve it myself, so I don’t have the full answer yet.

-Louise

Topic		Replies	Views
Reject due to not proper frame-ancestors policy directive but app returns right headers Tools	5	94	March 2, 2022
Where to set Content-Security-Policy: frame-ancestors in the embedded app? Technical Q&A	0	3731	January 21, 2022
App must set security headers to protect against click jacking Shopify Discussion apps	12	131	June 13, 2023
Frame-ancestors content security policy directive Technical Q&A	0	73	January 12, 2022
Frame-ancestors Authentication	3	54	June 4, 2022

Set the frame-ancestors in React with Polaris Embedded App

Related topics