Shopify Refusing to Frame App — Vercel CLI + ngrok

[avcohen]

Hello.

Thanks for all your work on this. Really helpful library.

I was able to successfully setup auth and get this integrated into my project which began as a very basic app based on the Node/React tutorial via Shopify using a Koa server.

Since switching over I now seem to be having an issue with Content Security Policies. Specficially, the browser is throwing the error:

Refused to frame 'https://avcohen.myshopify.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Previously I was running this locally though ngrok and now I'm running things locally (via vercel CLI) and ngrok.

Any insight you might have would be supremely helpful

Thanks!

[avcohen]

Seem to have sorted this out with Vercel setting the apropriate headers.

Nonetheless, I seem to be stuck in a loop where the app keeps trying to authenticate.

Seeing in logs that I get the message noted via the shopifyOAuthOptions afterAuth callback that it is authenticating:

We're authenticated on shop [store].myshopify.com: shpat_3dxxxxxxxxxxxxxxxxd037f

I also see that some of the cookies defined by the library are being set:

{ shopifyTestCookie: '1', shopifyNonce: '160734203192800' }

Is are there other cookies that need to be set or steps that need to be taken to finish this process I'm missing?

[m5r]

Hi @avcohen, I'm glad you could sort it out on your own!

I can't currently keep up with Shopify's API changes but if you're willing to go further, their Koa middleware should have all the answers you're looking for.

[MuhamedHabib]

i am supposed the same problem right now during integrating a generated channel using ngrok .. please could someone assist with me?