Unable to display embedded Shopify app due to X-Frame-Options: SAMEORIGIN


I'm migrating a Shopify app from EASDK to App-Bridge. I have replaced the old API calls with the new ones, but the app is not loaded in the Shopify admin panel. I get an error in the JS console:

    Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

The wget command shows this:

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Status: 200 OK
    Cache-Control: max-age=0, private, must-revalidate
    Vary: Accept
    Referrer-Policy: strict-origin-when-cross-origin
    X-Permitted-Cross-Domain-Policies: none
    X-XSS-Protection: 1; mode=block
    X-Request-Id: 91a511cf-d434-43af-96b8-318356bbbb9a
    Link: </assets/application-63f0e6a6cb6a5ecd85ba82b031064ed920a1015deae96cc86bf3de0f7f1c5eaf.css>; rel=preload; as=style; nopush,</assets/application-3111a09ab2c1b26ba99f1c96028fdc2f1677b792d7407284f5182655a8a722d7.js>; rel=preload; as=script; nopush
    X-Download-Options: noopen
    ETag: W/"e8fc9609e43ff20b0c13c3000ecf4f26"
    X-Frame-Options: SAMEORIGIN
    X-Runtime: 0.004762
    X-Content-Type-Options: nosniff
    Date: Tue, 29 Mar 2022 09:59:33 GMT
    Set-Cookie: _product_image_slider_session=rpnUJ5yt9PH0EEIHRo4p0RWSKraymAdpsqLh%2BPHGuNx6VU25KhA%2BBxvY4nJDHgSkxQBbacT7SyG%2BGna9bpYxCS7sWGUliu3mlPKM7Df13xbfA%2F8B%2BZ%2FKhC0E00ulV990mmeCkaV0GrrsokmodJZRg76R1ArJTNUoi4PQ54YnQCtiScogv8F38KLC2dJI%2B8eaI6j%2F0U2X6IN87nzm3RhP6dcQsNb1%2BjqvhnxScQuGW37nr84dMzpM4lJscWYElvC6cKqo3Wa897bLnkjFy46m%2BQvBo5KRXyIzqXM%2FJxyqy%2FeDUAv5qg%3D%3D--1h%2B8JkCqosbY%2FtH%2B--5mkT1eQTPoFBpn8nXLkFUQ%3D%3D; path=/; HttpOnly; SameSite=Lax
    X-Powered-By: Phusion Passenger(R) 6.0.12
    Server: nginx/1.18.0 + Phusion Passenger(R) 6.0.12
    Strict-Transport-Security: max-age=31536000
    X-Frame-Options: https://grid-kit.myshopify.com

I had a look through the nginx config and I cannot find this X-Frame-Options: SAMEORIGIN header anywhere. I even added a new X-Frame-Options header (see a screenshot) with the correct website, but this doesn't help. I just get the message Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, https://grid-kit.myshopify.com') encountered when loading 'https://app.gridkit.net/?

Where can I find the solution?
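
A check for the condition visible in the wget output above, as an added example that is not part of the original question: it parses a raw response header dump, keeps duplicate headers, and flags X-Frame-Options values other than DENY or SAMEORIGIN as well as conflicting duplicates. The function names and the shortened sample dump are constructed for illustration; the two X-Frame-Options values are the ones shown in the question.

```python
# Added example: audit the framing headers in a raw HTTP response header dump.
# SAMPLE is a constructed, shortened copy of the dump in the question.
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Server: nginx/1.18.0 + Phusion Passenger(R) 6.0.12
X-Frame-Options: https://grid-kit.myshopify.com
"""

VALID_XFO = {"DENY", "SAMEORIGIN"}  # the only values current browsers honor


def parse_headers(raw):
    """Return [(lowercased name, value)] in order, keeping duplicate headers."""
    headers = []
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.upper().startswith("HTTP/"):
            continue  # skip blank lines and the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_framing(raw):
    """Collect X-Frame-Options values and report invalid or conflicting ones."""
    headers = parse_headers(raw)
    # Several header lines and one comma-joined line are equivalent.
    values = [part.strip() for name, value in headers if name == "x-frame-options"
              for part in value.split(",") if part.strip()]
    findings = []
    for value in values:
        upper = value.upper()
        if upper.startswith("ALLOW-FROM"):
            findings.append(("obsolete-allow-from", value))
        elif upper not in VALID_XFO:
            findings.append(("invalid-value", value))
    if len({v.upper() for v in values}) > 1:
        findings.append(("conflicting-values", ", ".join(values)))
    # frame-ancestors is the CSP directive that can name specific embedding origins.
    has_frame_ancestors = any(
        name == "content-security-policy" and "frame-ancestors" in value.lower()
        for name, value in headers)
    return {"xfo_values": values, "findings": findings,
            "frame_ancestors": has_frame_ancestors}


if __name__ == "__main__":
    print(audit_framing(SAMPLE))
```
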
