Shopware App - "Refused to frame 'https://***.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors
As described in the Shopware App documentation, our app is loaded in an iframe, the content of our app comes from one of our servers. For this we used these parts in manifest.xml.
<admin>
<module name="magnalister"
source="https://***.com/app/index"
parent="sw-marketing"
position="50"
>
However, when opening our app page in a Shopware shop, a "Whoops" page appears. The error in the browser console is: "Refused to frame 'https://***.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'". You can also see the error in the screenshot. If we open our app in a new tab, we can see the content of the app. Our app cannot have any influence on "frame-ancestors". Shopware itself must allow app URL to load in iframe.
It doesn't work that way for us, we can't tell all customers to open our app in a new tab. I guess "frame-ancestors" should be set from Shopware. Does Shopware want to change this? If Shopware doesn't want to change it, why this possibility exist in its manifest.xml to support app loaded from another domain.
It's your app server that doesn't allow rendering of your page inside an iframe on another page. You have the frame-ancestors policy set to none, which similar to the X-Frame-Options: DENY header, will disallow any framing at all.
- Can I force a hard refresh on an iframe with JavaScript?
- embedding pdf file within html with 100% width and height?
- How to disable View source and inspect element
- IFrame security and CORS
- Microsoft Edge doesn't display PDF in iFrame with src="data:application/pdf;..."
- Why does my Shiny iframe tell me "localhost didn’t send any data" when trying to display a local PDF?
- Running Google Analytics in iframe?
- Prevent PDF auto download by idm using pdf.js
- Response Header to allow content to be embedded in iframes
- Duplicate Content Security Policies for frame ancestors generated (Blazor, IIS and Chrome)
- How to print the contents of an iFrame using Javascript on iPad?
- Iframe Fallback Message
- Intercept iframe trying to redirect a parent page
- Using Selenium Webdriver to interact with Stripe Card Element iFrame - Cucumber/Selenium Java
- facebook API limitations (iframe)
- quarto markdown to revealjs or html: Desmos embedded iframes not loading
- Capture console log of an iframe
- Full-width vimeo wrapper background
- How to Access the Attributes in an iFrame in Python
- Firefox throws cross-origin error on iframe with same-origin PDF
- EventListener doesn't work after clicking form button in iframe
- How to rename PDF in primefaces media tag
- Python webscraping: BeautifulSoup not showing all html source content
- Load an iframe asynchronously
- HTML5 : Iframe No scrolling?
- Content-Security-Policy: which source of constraints is the strictest?
- Change attribute values of <iframe> tags
- Safari LocalStorage not shared between IFrames hosted on same domain
- Create function in iframe from parent so that it has Function prototype
- How to add Html Content to a new created Iframe in JS