You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
100% of what I check shows the CSP Policy in place and rendering the right data.
100% of Shopify robot rejects App due to clickjacking and CSP policy.
GET IT TOGETHER SHOPIFY and help us use this App to make Apps that pass the stupid robot test. What are we supposed to be doing here to pass this stupid test?
The reason I mention Webhooks is that when you decorate the CSP code in this App, you might have a params[:shop], or you might not. So is the CSP based on that? Webhooks controller is not the same as Authenticated controller, and yet the App review robot needs both CSP results to be the same? How does that work?
#1474 should address the concerns pointed out here, so we are going to close this issue.
If you still encounter this issue with the latest stable version, please reopen using the issue template. You can also contribute directly by submitting a pull request– see the CONTRIBUTING.md(.github/CONTRIBUTING.md) file for guidelines
100% of what I check shows the CSP Policy in place and rendering the right data.
100% of Shopify robot rejects App due to clickjacking and CSP policy.
GET IT TOGETHER SHOPIFY and help us use this App to make Apps that pass the stupid robot test. What are we supposed to be doing here to pass this stupid test?
When I inspect the shop in my browser, the CSP is
When I send a bogus webhook to the App, I also see that. Seems right to me as it matches the documentation. But the robot hates it. WHY????
The text was updated successfully, but these errors were encountered: