Embedded Apps not on App Bridge 2.0.5 or higher will redirect merchants to a new tab

[adventuretocode]

Issue summary

my as code as per the document added the correct CSP but still show the app warning too store owners.

https://shopify.dev/changelog/embedded-apps-not-on-app-bridge-2-0-5-or-higher-will-redirect-merchants-to-a-new-tab

Node package used

"@shopify/app-bridge": "^3.4.3",
    "@shopify/app-bridge-react": "^3.4.3",
    "@shopify/app-bridge-utils": "^3.4.3",
    "@shopify/polaris": "^10.10.1",
    "@shopify/shopify-api": "^5.2.0",

CSP code

res.setHeader(
      "Content-Security-Policy",
      `frame-ancestors https://${shop} https://admin.shopify.com;`
    );

• Node version: v16
• Operating system: Ubuntu

Expected behavior

app work without the any Error notice

Actual behavior

Steps to reproduce the problem

1. create new app with this repo.
2. csp code as per above mention
3. test that into store when app loading that error showing

[DevinNorgarb]

@adventuretocode Having exactly the same issue.

Not sure what to do now, as the recommended version is 3.2.0

[dorufurtuna]

I have fixed it by keeping host parameter through all requests. After first App load with the right setup, Shopify needed some hours to mark it as successfully configured and the issue disappeared for me.

[Michael-Gibbons]

I am also getting this issue even though all security criteria are met. Unsure why.

1. 

2. 

3. 

[Michael-Gibbons]

Shopify does mention it may take up to 3 hours to update I suppose

[Michael-Gibbons]

The update seems to have gone through for a production app within 3 hours but not a development app, I had to forcefully stop shopify from opening the application url in the legacy domain by manually going to https://admin.shopify.com/store/STORE_NAME/apps/APP_NAME otherwise it continually opened in the legacy admin without the new tab prompt. Now the tab still opens but the primary tab loads correctly in the new admin url

[adventuretocode]

I have fixed it by keeping host parameter through all requests. After first App load with the right setup, Shopify needed some hours to mark it as successfully configured and the issue disappeared for me.

Can you please send the reference. how you passing the host, app url end of

i am passing but still it was showing notice.

[adventuretocode]

The update seems to have gone through for a production app within 3 hours but not a development app, I had to forcefully stop shopify from opening the application url in the legacy domain by manually going to https://admin.shopify.com/store/STORE_NAME/apps/APP_NAME otherwise it continually opened in the legacy admin without the new tab prompt. Now the tab still opens but the primary tab loads correctly in the new admin url

can please help with same I have same issue.

[Zain-dev1]

i am facing following error: vendors-node_modules_shopify_app-bridge-host_index_js-951ba56529ac9a2b62adc58f4bcf588ee1b881a658032475b6095b858d8b1ec7.js:1 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://online-store-web.shopifyapps.com') does not match the recipient window's origin

[paulomarg]

Hi folks, thanks for reporting this. The symptoms folks are describing here are related to the change from the https://{shop}/admin URL to https://admin.shopify.com/store/{shop} - that would happen for each store the first time an app was used on it. As mentioned, apps should always be using the new URL format from now on, whenever redirecting to Shopify. Note that the host query argument will always contain the appropriate value.

We've updated our template to work with the new format, but for apps not using the @shopify/shopify-app-express package, you might need to make sure you're not redirecting users to {shop}/admin in the OAuth callback, and base64-decoding the host query argument instead.

Since this fix was already applied on our end, new apps will no longer run into this issue - so I don't believe there is any action for us to take here. I'm closing the issue, but please create a new issue if you're are still having problems.