After upgrading to the newest app bridge version for my app and pushing to production I’m now getting this error in the console:
Blocked script execution in <URL> because the document's frame is sandboxed and the 'allow-scripts' permission is not set
Now my external scripts are not loading which is breaking some things.
Has anyone else had this problem?
My app is using the Shopify node template
Same here, but I’m not sure it has any impact.
I guess it depends on how you use external scripts in your app.
For me, it’s a problem
Hi @tiimgreen, Unfortunately that console error is a bit misleading. We are aware of it, but it’s not coming from the actual app iframe and it doesn’t impact the execution of your app at all. We’re working on a solution to remove this console noise, but please rest assured that it is unrelated to app!
I’m also getting the console error:
Blocked script execution in ‘’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.
It is repeating 15 to 18 times per page load. I have never experienced this error until today (3/22/2025) but I’ve been testing the app template every single day for the past few weeks. It suddenly appeared, and was not caused by any changes made on my end.
It is actually blocking some of our app CSS.
This error fundamentally cannot block your app’s CSS when your app is actually loaded (to be shown on screen).
What’s happening here is that we use a sandboxed iframe to preload your app before loading it for real in a different iframe. The preloading sandbox iframe intentionally prevents JS from loading (which results in those “errors” in your console), but that frame is never shown on screen. It is removed the moment your app begins loading for real.
Your app is loaded in a totally separate iframe that does not have sandboxing enabled, and there has been no change to that configuration. The change here is that your app’s subresources (JS, CSS, fonts) are now usually loaded from disk cache, which is populated by that sandboxed preload frame.
We’re exploring less “loud” solutions to this, but the reality is those browser “errors” are actually warnings. If we could silence them we would, but there’s no way to do so.
I’m having the same issue with my checkout extension app - I have payment customizations in place and when I try to edit them through Settings - Payments → Manage Payment Customizations, my app does not load.
Console errors show the blocked script errors because the frame is sandboxed. My app is hosted on Fly.io if that matters.
The app was created using App Bridge. I tried changing the customization extension to use Shopify CLI but it didn’t help.