Remote image not working with trusted domain with a path

borislav · November 21, 2025, 3:08pm

Environment

SDK Version: @shopify/shop-minis-react@0.4.2
CLI Version: @shopify/shop-minis-cli@0.0.212
Device: iOS simulator and Android device (Motorola Moto G22)
Development OS: macOS 26.1
Mini Handle: help-me-choose

Issue

What’s broken: Remotes images don’t load if the associated trusted_domain includes a path.
Expected behavior: Remote images should load with a trusted_domain value that is either a domain or a domain with a path.
Actual behavior: Remote images where the trusted_domain includes a path don’t have permission to load.

Reproduction steps

Add a trusted_domain value with a path as specified in the docs . Example with the forum logo global.discourse-cdn.com/shopifycommunity/original/2X/c
Add an image component with a URL that matches the trusted_domain. Example with the forum logo https://global.discourse-cdn.com/shopifycommunity/original/2X/c/cd85c2064e171fd2181ff2fc9eedf8c3fad5777f.png
The image won’t appear in the emulator or device and an ESlint error will show up in the code editor “ src attribute loads from “global.discourse-cdn.com” which is not in trusted_domains. Add “global.discourse-cdn.com” to the “trusted_domains” array in src/manifest.json.“

Code example (if needed)

<Image
  src="https://global.discourse-cdn.com/shopifycommunity/original/2X/c/cd85c2064e171fd2181ff2fc9eedf8c3fad5777f.png"
  alt="Logo"
  aspectRatio={1}
/>

Manifest config (for manifest related issues)

"trusted_domains": [
    "global.discourse-cdn.com/shopifycommunity/original/2X/c"
]

Already Tried

First and foremost: have I read the docs? - Yes
Confirmed scopes match what I’m accessing - Yes
I’ve run npx shop-minis upgrade to make sure I’m on the latest versions - Yes
As a workaround, if a trailing slash is added to the trusted_domain value, the image loads correctly. Example global.discourse-cdn.com/shopifycommunity/original/2X/c/, though the eslint error still shows. Is this the intended way of specifying trusted_domain paths (as opposed to the example in the docs)?

steve-t-shopify · November 24, 2025, 9:03am

We’re looking in to this - thanks for reporting!

Internal issue #87692

borislav · November 24, 2025, 1:49pm

An update on this - the submission also doesn’t allow paths in the trusted domain. So maybe that feature was supposed to be deprecated?

steve-t-shopify · December 1, 2025, 12:47pm

Paths should be working - can you give me an example I can use to test with?

borislav · December 1, 2025, 1:15pm

Hi, there is an example image URL and associated trusted_domain in the first comment.

If you are referring to the submission error, you can use the same trusted_domain with path. Should see an “Invalid hostname format in trusted_domains”, “Domain should not include protocol or path” error during submission.

ssvinarciuc · December 1, 2025, 4:10pm

@steve-t-shopify Exactly as @borislav pointed out. If we add a path and a trailing “/” to the host in trusted_domains the assets are loading fine in the mini, but submission linter fails complaining about the presence of the path and trailing “/”. So definitely a discrepancy between the two.

ssvinarciuc · December 3, 2025, 8:39pm

We ended up configuring a custom domain for our content repository, but wondering if there is a fix in the working?

Topic		Replies	Views
Refused to connect to custom backend Shop Minis	1	38	November 20, 2025
Issue while uploading Image on Shopify using URL New GraphQL Product APIs	5	88	April 9, 2025
Upload image in theme assets using API Hydrogen and Storefront APIs storefront-api	2	121	November 4, 2024
Shopify Cart Transform API Function unable to read data across different stores in the same Plus org? Functions cart-transform	1	81	February 14, 2025
Issue with Supabase prod backend Shop Minis	5	43	November 21, 2025