FROM CACHE - en_header

Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

support_channel
New Member
1 0 0
‎02-18-2020 03:40 PM

Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

The CSP frame-ancestors 'none' setting is causing some problems.

Our new web application has some embedded iframes which point to pages in our legacy web application.  In the legacy application, we redirect the user to their store's "/auth/login" URL.  However we noticed that the "/auth/login" endpoint has a response header content-security-policy of "frame-ancestors 'none'", which prevents the redirect from occurring and throws the following error:

Refused to display 'https://our-store.myshopify.com/admin/auth/login' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Is there a simple way to work around this that lets the user login from within an iframe?

 

3,159 Views
0 Likes
Replies 6 (6)
rushi137
New Member
4 0 0
‎03-12-2020 04:13 AM

Re: Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

I am facing a similar issue with 

frame-ancestors 'none'; header value

It is now allowing me to domain forward using masking.

 

3,005 Views
0 Likes
rushi137
New Member
4 0 0
‎03-12-2020 04:13 AM

Re: Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

Please remove this header
frame-ancestors 'none';

3,004 Views
0 Likes
Bogdan_Radu
Shopify Expert
34 0 23
‎04-22-2020 06:50 AM

Re: Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

I encountered a similar problem, detailed it here https://community.shopify.com/c/Shopify-APIs-SDKs/App-doesn-t-load-in-iframe-on-firefox-safari/m-p/7...

Make more sales by sending discount links or apply discounts automatically based on what's in their shopping cart with ✌ Automatic Discount https://apps.shopify.com/automatic-discount-rules ❖ App that allows you to upsell add-ons and bundles without duplicate variants and without any coding needed ✌Ultimate Upsell https://apps.shopify.com/ultimate-upsell

2,762 Views
0 Likes
chlabada
Shopify Partner
6 0 1
‎05-28-2020 02:55 PM

Re: Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

same issue

2,405 Views
0 Likes
denbo-whis
New Member
2 0 0
‎09-21-2020 03:49 PM

Re: Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

Any movement on this?

i have the same issue - can’t add shopify cart widget to my site since our shop can’t be loaded into an embedded iframe, even though shopify says to use in an iframe.

 

the http header causing this problem is on shopify’s end since they’re the ones hosting the pages.

1,687 Views
0 Likes
denbo-whis
New Member
2 0 0
‎09-21-2020 07:10 PM

Re: Store Auth Login in Iframe Workaround, CSP frame-ancestors Issue

Actually I just found out that the post I read was from 2013.  Please disregard my request for an update - it is clear to me now that shopify doesn't allow it any more.

1,678 Views
0 Likes
Promotion image (Anonymous)
Terms of Service Privacy Policy