The method you take will depend in part on what information is provided by Shopify as either a header, or payload.
As I donβt know what information Shopify provides in such as request, I cannot provide an example. If you can provide the information Shopify sends in a request, I could potentially provide an example.
@coelmay Shopify requires you to embed your netlify app in an iframe inside their site and that iframe URL src (which is a netlify app) requires to have the parent windows domain as its CSP header
I updated my answer with the relevant changes. The main difference being Netlify doesnβt use await getAssetFromKV(event, options) they have their own function for getting the page.
@philnetlify1 I am still confused about this. From what I know, functions are just cloud API that I could call from a web interface right? How could I use this to set req/res headers? And _headers just allow static headers to be set.
@coelmay I get this. i have actually created csp.js file inside my apps root-folder/netlify/functions/csp.js but this function never get called when the first request is made to the app. After I set this, the CSP headers (https://securityheaders.com/) are always empty.
Thatβs not going to add the CSP header to the front end app.
The basic example I showed previously needs calling directly. For example, if the function is called my-function.js you would need to browse to (or use fetch, etc.) directly you would need to browse to https://mysite.netlify.app/.netlify/functions/my-function at which point the CSP and the content (the body) is returned.
This is not going to add a CSP header to the front-end app.
@coelmay Ok, then adding dynamic headers to the front-end app is what i need. Do you know how to achieve this with Netlfiy?_headers files allows me to add static headers but not dynamic ones. As i was saying earlier functions are an alternate to self hosted API server and has nothing to do with app headers.
To dynamically affect traffic on your site, you can use Netlify Edge Handlers to run custom JavaScript from CDN edge nodes. Edge Handlers can act as HTTP filters for your incoming traffic and give you full control to manipulate HTTP requests and responses.
To get started using Edge Handlers, visit our sign-up form to request an early access invitation. Go to our Forums to join the conversation about Edge Handlers.