How to add CSP headers in Remix Embedded App

illusionist3886 · July 8, 2025, 12:23pm

I am trying to add CSP headers in my remix app.

I have added the following code in my entry.server.jsx

  const shop = request.headers.get("x-shopify-shop-domain") || url.searchParams.get("shop") || "shopify-dev.myshopify.com";

And inside my main server code.

<RemixServer 
        context={remixContext} 
        url={request.url} 
        abortDelay={ABORT_DELAY}
/>

responseHeaders.set("Content-Type", "text/html");
responseHeaders.set("Content-Security-Policy", `frame-ancestors https://${shop} https://admin.shopify.com;`);

When I visit the url (i.e. cloudflare tunnel) I can see the CSP header but inside shopify admin I am not getting CSP in any page.

illusionist3886 · July 9, 2025, 10:16am

This is the solution actually. I was mistaken in testing procedure.

Richard_Powell · July 9, 2025, 12:05pm

Hey there

Does your entry.server.tsx have this line?

If so, that should be all you need. You shouldn’t need the code you added.

Topic		Replies	Views
Shopify App Proxy with Remix (Notes) Community Feedback education	5	114	June 26, 2025
CORS Blocking Shopify App Proxy Requests Partner Discussions app-store	0	121	February 24, 2025
Configuring CSP for iframe protection Partner Discussions app-store	6	171	July 8, 2025
Looking for experienced pair dev to learn app dev Partner Discussions dev-stores	4	25	July 15, 2025
App Proxy / Remix app in store theme Shopify CLI and Libraries remix	3	257	December 5, 2024

How to add CSP headers in Remix Embedded App

Related topics