Edit: Just found this => https://shopify.dev/docs/apps/store/security/iframe-protection
You know, this might work just fine for us as developers, but it’s not quite the perfect fit for a Shopify shop owner. There’s got to be a preferred way from Shopify that doesn’t result in this error. It’s particularly important since everything runs just as it’s described in the API documentation.