ruby on rails - Shopify embedded app view in store admin panel not rendering

Solution:

As per Shopify Docs (https://shopify.dev/apps/store/security/iframe-protection#embedded-apps), you need to set up specific Content Security Policy for Embedded apps.

If your app is an embedded app, then you need to make sure that your app is only frameable by the authenticated shop domain. Set the frame-ancestors directive dynamically based on the current shop domain and the Shopify admin domain. Setting this directive guarantees that your app can be framed only within the shop admin.

In this case, you need to add the value of frame-ancestors based on the authenticated store that is embedding your app.

If you use Shopify CLI (https://shopify.dev/apps/tools/cli) to generate your boilerplate code in (Node, PHP or Ruby), this should already work out of the box.

If you don't want to use the Shopify CLI, you can use Shopify App Gem (https://github.com/Shopify/shopify_app) in your Rails application.

You can have a look at this PR (https://github.com/Shopify/shopify_app/pull/1474/files) to get an idea how, Shopify App Gem adds the CSP. Code snippet from that PR

content_security_policy do |policy |
  policy.frame_ancestors(- > do
      domain_host = current_shopify_domain || "*.myshopify.com"
    "https://#{domain_host} https://admin.shopify.com;"
    end)
end
Copy code

Didn't find the answer?

Our community is visited by hundreds of Shopify development professionals every day. Ask your question and get a quick answer for free.