Closed adventuretocode closed 1 year ago
Facing the same issue. If you found a solution, please share it here. Thank you!
Thanks for highlighting this gap.
This PR #1255 adds the call to the cspHeaders middleware to the template.
This PR #187 adds reference documentation for the cspHeaders middleware.
Issue summary
please provide the CSP reference
@shopify/shopify-app-express
version:
Expected behavior
Actual behavior
My app gets rejected
Your primary app listing has 1 issues to fix before you can submit your app for review
App must set security headers to protect against clickjacking. To prevent clickjacking attacks, your app must set the proper content security policy directive. If your app is not embedded in an Iframe in the Shopify admin, and you are seeing this message, check your app's settings and make sure it is set to "non-embedded." If your app is embedded, then we expect the 'Content-Security-Policy' header to be frame-ancestors https://admin.shopify.com/ https://[shop].myshopify.com, where [shop] is dynamically set to the shop domain the app is embedded on.
I have set the header value dynamically, but it was still not valid
Steps to reproduce the problem
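The header the review message above asks for, built per request from a validated `shop` query parameter, as an added example (not code from @shopify/shopify-app-express or from this thread). The function names, the `embedded` option, and the fallback to `frame-ancestors 'none'` for a missing or malformed shop are assumptions of this example.

```javascript
// Added example: Express-style middleware, no dependencies, not the library's code.
// Only <name>.myshopify.com is accepted, so a crafted ?shop= value cannot
// smuggle extra sources, directives, or header line breaks into the policy.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/i;

// Build the directive for one request. A missing or malformed shop yields
// 'none' (assumed safe default): the page may not be framed by anyone.
function frameAncestorsFor(shop) {
  if (typeof shop !== 'string' || !SHOP_RE.test(shop)) {
    return "frame-ancestors 'none';";
  }
  return `frame-ancestors https://admin.shopify.com https://${shop.toLowerCase()};`;
}

// `embedded` is a hypothetical option: a non-embedded app always sends 'none'.
function cspFrameAncestors({ embedded = true } = {}) {
  return function (req, res, next) {
    const shop = embedded && req.query ? req.query.shop : undefined;
    res.setHeader('Content-Security-Policy', frameAncestorsFor(shop));
    next();
  };
}

// Drive the middleware with a constructed request/response pair and
// return the header it set, so the behaviour can be checked offline.
function simulate(query, options) {
  const headers = {};
  let nextCalled = false;
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  cspFrameAncestors(options)({ query }, res, () => { nextCalled = true; });
  return { csp: headers['Content-Security-Policy'], nextCalled };
}

// Constructed sample requests (not taken from the issue).
const samples = [
  { shop: 'example-shop.myshopify.com' },               // valid shop
  { shop: 'example.myshopify.com.attacker.example' },   // wrong suffix
  { shop: 'x.myshopify.com; script-src *' },            // directive injection
  { shop: ['a.myshopify.com', 'b.myshopify.com'] },     // repeated parameter
  {},                                                   // no shop at all
];
for (const query of samples) {
  console.log(JSON.stringify(query), '=>', simulate(query).csp);
}
```

In an Express app the middleware would be registered with `app.use(cspFrameAncestors())` ahead of the routes that serve the embedded HTML, so every framed response carries the per-shop header.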