Hi everyone,
Our embedded Shopify app has been recently rejected twice during app review because the reviewer encountered a page showing:
https://example.domain` took too long to respond`
The browser console contained the following errors:
Failed to execute 'postMessage' on 'DOMWindow':
The target origin provided ('https://example.domain')
does not match the recipient window's origin ('https://admin.shopify.com').
Unsafe attempt to load URL
https://example.domain/?embedded=1...
from frame with URL chrome-error://chromewebdata/.
Domains, protocols and ports must match.
We have not been able to reproduce this issue in our development environments or test stores. The app installation and OAuth flow consistently work when tested using our own Shopify accounts.
Our authentication route (auth.$.jsx) is straightforward:
import { boundary } from "@shopify/shopify-app-react-router/server";
import { authenticate } from "../shopify.server";
export const loader = async ({ request }) => {
await authenticate.admin(request);
return null;
};
export const headers = (headersArgs) => {
return boundary.headers(headersArgs);
};
Based on the console output, our assumption is that the iframe failed to load, resulting in Chrome displaying chrome-error://chromewebdata. Because the embedded page never loaded successfully, App Bridge’s postMessage communication then failed due to the origin mismatch.
Has anyone experienced similar issues during Shopify app review or first-time app installations? Specifically, we’re trying to understand:
- What conditions can cause an embedded app iframe to end up on
chrome-error://chromewebdata? - Can intermittent delays or timeouts during
/author/auth/callbacklead to this behaviour? - Could redirects, session handling, CSP headers, or App Bridge initialization contribute to this issue?
- Are the
postMessageand “Unsafe attempt to load URL” messages usually symptoms of the failed page load rather than the underlying cause? - Does the Shopify review environment differ in ways that might expose issues not seen in development stores?