[Shopify App] How to pass the content security policy attached to the header in the redirect to the front?

I’m a Golang developer in Japan.

I am currently developing a Shopify app with Golang (backend) and React (front).

I am in the process of implementing a content security policy.

https://shopify.dev/apps/store/security/iframe-protection

My app’s authentication process is done only on the backend.

After authentication, it redirects to the front.

I’m having trouble passing the header to the frontend when redirecting to the front.

Would I need to re-create the authentication through the front to solve the content security policy issue?

Sorry for my poor English.

Hi! My case is exactly the same as yours. Did you figure out how to get it approved by Shopify?

In my case I am doing the following (NodeJS):

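// Middleware: allow framing only by the requesting shop and admin.shopify.com.
function setFrameAncestors(request, response, next) {
  const shop = request.query.shop;
  // Accept only a <store>.myshopify.com hostname before placing it in the header.
  if (typeof shop === "string" && /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/.test(shop)) {
    response.setHeader(
      "Content-Security-Policy",
      `frame-ancestors https://${shop} https://admin.shopify.com;`,
    );
  }

  next();
}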
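
The same per-shop header set from a Go `net/http` backend, as an added example that is not part of the thread or of Shopify's code. The names `frameAncestors`, `withFrameAncestors` and `cspFor`, the `myshopify.com` hostname pattern and the `'none'` fallback for a missing or invalid shop are assumptions of this example, and the requests are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// Assumed shop hostname shape: <store>.myshopify.com. Anything else is rejected
// so the query parameter cannot add sources or directives to the header.
var shopHost = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$`)

// frameAncestors (hypothetical helper) builds the CSP value for one shop.
// ok is false when shop is missing or invalid; framing is then denied.
func frameAncestors(shop string) (value string, ok bool) {
	if !shopHost.MatchString(shop) {
		return "frame-ancestors 'none';", false
	}
	return fmt.Sprintf("frame-ancestors https://%s https://admin.shopify.com;", shop), true
}

// withFrameAncestors (hypothetical middleware) sets the header on every
// response written by next, including the HTML page the iframe loads.
func withFrameAncestors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		value, _ := frameAncestors(r.URL.Query().Get("shop"))
		w.Header().Set("Content-Security-Policy", value)
		next.ServeHTTP(w, r)
	})
}

// cspFor sends one constructed request through the middleware and returns
// the Content-Security-Policy header of the response.
func cspFor(target string) string {
	page := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "<!doctype html><title>app</title>")
	})
	rec := httptest.NewRecorder()
	withFrameAncestors(page).ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Header().Get("Content-Security-Policy")
}

func main() {
	fmt.Println(cspFor("/?shop=example-store.myshopify.com"))      // valid shop
	fmt.Println(cspFor("/?shop=evil.example%3B%20script-src%20*")) // rejected value
}
```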