Shopify App handles Rails' configuration for Content-Security-Policy Header when the ShopifyApp::FrameAncestors
controller concern is included in controllers. This is tyipcally done by including the ShopifyApp::Authenticated
controller concern rather that directly including it.
For actions that include the ShopifyApp::FrameAncestors
controller concern, the following hosts are added to the Content-Security-Policy header as per the store requirements:
current_shopify_domain
||"*.myshopify.com"
if current shopify domain isn't present- "https://admin.shopify.com"