diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
index 0b620a206..05e2bb31a 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
@@ -14,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 @Slf4j
 @RestController
@@ -32,12 +33,14 @@ public class ShopifyWebhooksController {
 */
 @PostMapping("/customer/request")
 public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
- HttpServletRequest request) {
+ HttpServletRequest request,
+ HttpServletResponse response) {
 String requestBody = ShopifyHttpUtils.getRequestBody(request);
 if (!shopifyRequestValidator.verify(requestBody, hmac)) {
 throw new ShopifyRequestVerifyException("Unauthorized");
 }
 ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
+ response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
 }
 
 /**
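Review bot: The `frame-ancestors` source on the new response.setHeader line is built by appending `.myshopify.com` to `getShop_domain()`, but Shopify's mandatory-webhook payload examples document `shop_domain` as already being `{shop}.myshopify.com`, so the emitted source would read `https://shop.myshopify.com.myshopify.com` and match nothing; confirm the field's actual shape before relying on it. More fundamentally, a Content-Security-Policy header on a webhook response is read by Shopify's delivery client, not by a browser, so it cannot frame-protect anything; the frame-ancestors requirement applies to the embedded app's HTML responses, not to these POST endpoints. The value is at least derived from a body that has already passed `shopifyRequestValidator.verify`, but a header value is still a good place to reject anything outside `[a-z0-9-]` before echoing it. The identical header line is repeated in the /customer/erasure and /shop/erasure hunks; if it is kept, define it once, e.g. `private static void setFrameAncestors(HttpServletResponse response, String shopDomain)`, and call it from all three handlers.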
@@ -46,12 +49,14 @@ public class ShopifyWebhooksController {
 */
 @PostMapping("/customer/erasure")
 public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
- HttpServletRequest request) {
+ HttpServletRequest request,
+ HttpServletResponse response) {
 String requestBody = ShopifyHttpUtils.getRequestBody(request);
 if (!shopifyRequestValidator.verify(requestBody, hmac)) {
 throw new ShopifyRequestVerifyException("Unauthorized");
 }
 ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
+ response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
 }
 
 /**
@@ -60,7 +65,8 @@ public class ShopifyWebhooksController {
 */
 @PostMapping("/shop/erasure")
 public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
- HttpServletRequest request) {
+ HttpServletRequest request,
+ HttpServletResponse response) {
 String requestBody = ShopifyHttpUtils.getRequestBody(request);
 if (!shopifyRequestValidator.verify(requestBody, hmac)) {
 throw new ShopifyRequestVerifyException("Unauthorized");
@@ -71,5 +77,6 @@ public class ShopifyWebhooksController {
 return;
 }
 shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0));
+ response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
 }
 }
diff --git a/src/main/resources/templates/shopify/auth_back.html b/src/main/resources/templates/shopify/auth_back.html
index ddb681f82..afe68c072 100644
--- a/src/main/resources/templates/shopify/auth_back.html
+++ b/src/main/resources/templates/shopify/auth_back.html
@@ -2,7 +2,6 @@
- Auth
diff --git a/src/main/ui/static/shopify/auth/templates/auth_root.html b/src/main/ui/static/shopify/auth/templates/auth_root.html
index 02274e3b8..ccb6db5c9 100644
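Review bot: In the /shop/erasure hunk (@@ -71,5 +77,6 @@) the header is set only after `modifyShopifyStore`, so the `return` two lines above it sends the response without the header, whereas the other two handlers set it unconditionally once the body is parsed. shopRedact's body starts outside this hunk, in the part where `shopifyShopRedactCommand` is parsed and the store is looked up, so I cannot see which condition takes the early exit. If the header is kept, move the setHeader call up to directly after the parse, or into one helper called from all three handlers, so every response from this controller carries the same policy.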
--- a/src/main/ui/static/shopify/auth/templates/auth_root.html
+++ b/src/main/ui/static/shopify/auth/templates/auth_root.html
@@ -2,7 +2,6 @@
- Title