- App must set security headers to protect against clickjacking.
Your app does not request installation on the shop immediately after clicking “add app”. Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected OAuth to be initiated at https://cambridgetestshop.myshopify.com/admin/oauth/request_grant but was redirected to https://www.leephon.com/oms/login/index.html?hmac=0b200826bf2d3549b1d0f14ed8299cdd3ceedd5e8ade173bb5987f38d5f311c9&host=Y2FtYnJpZGdldGVzdHNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&shop=cambridgetestshop.myshopify.com×tamp=1648884550. Learn more about authentication in our developer documentation
Hi, @weirunhai !
Thanks for reaching out in our Community forums and for sharing your concern, I’d be happy to point you in the right direction.
It sounds like you are running into a few issues when attempting to submit your app. You would need to make some adjustments to ensure that your app is protected against clickjacking. I’d suggest using our Dev Docs on OAuth to implement the OAuth correctly so that your App is redirected to OAuth page as soon as it is clicked to install. You can also check out our resource on Setting up Iframe protection to find out more information.
Kindly reply back to this thread with any questions or updates and we can continue our conversation further!