Why is my app being rejected due to a non-functional user interface?

Hinge123
Shopify Partner
2 0 0

 I have an php codeignitor website.  And going to submit my app for review. But my app review has been rejected.
App URL in configuration
-------------------------
https://appDomain/shopifyHmacValidate/validateHmac
where validateHmac the code of app intall process and generate access token then redirect to the embedded app url .

***********************
We made required changes like, Demo screencast,Update your app card subtitle field,App details Explained.
We are not able to get the issue why it gives our app does not have a functional user interface.
We are done with successfully installed the app but while opening the installed app it gives an error
' Refused to frame because An ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".'

Error message:
One or more serious issues prevented Shopify from being able to complete a full review of your app.

From the error it sounds like it is related to iframe protection. That doc gives some info regarding setting up your Content Security Policy. It looks like our app is trying to load within the admin based on the review screencast meaning it is an embedded app. From that doc I shared it seems like frame-ancestors 'none' is used for non-embedded apps. So we may need to adjust our CSP to include https://shopify-dev.myshopify.com https://admin.shopify.com; as the doc suggests.

->I wanna load my application into shopify admin iframe. I generated the access token. And Api process is working fine. My entire process is working good but website is not open in iframe.

->I dont know how to set content security policy frame ansector.

Replies 2 (2)

YOD_Solutions
Shopify Partner
206 22 29

If your app is an embedded app, your response headers must contain, "Content-Security-Policy": "frame-ancestors https://xxxx.myshopify.com https://admin.shopify.com ",  where "xxxx.myshopify.com" is the store Shopify domain

Founder @ JsRates: Custom Shipping Rates
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more about JsRates visit the JsRates home page or JsRates documentation
- Find JsRates on Shopify app store
Hinge123
Shopify Partner
2 0 0

Found the same issue on community and we  could not understand how  to  set Content-Security-Policy :frame-ancestors.So all does not help us.
When we install the app , installs perfectly and loads perfectly but if the hosted app server restarts and try to open my app it says  like myshopify.com
 refused to connect. Would be grateful if somebody could provide the solution for this.

Hinge123_1-1709297644007.png