Tags: ajax, cors, shopify, shopify-app, cross-origin-read-blocking

Shopify API Call Error: Cross-Origin Read Blocking (CORB) blocked cross-origin response


I am creating an embedded app for Shopify admin. My problem is that when my app makes a call for script_tag.json, it says 'Cross-Origin Read Blocking (CORB) blocked cross-origin response'. Following is my code to make the POST request using ajax:

                $.ajax({
                    method:"post",
                    url:'https://<%=@shop%>/admin/script_tags.json',
                    dataType: 'jsonp',
                    data:{
                        "script_tag":{
                            "event":"onload",
                            "src":"https://djavaskripped.org/fancy.js"
                        }
                    },
                    success:function(result){
                        console.log(result);
                    }
                });

Is there anything wrong in my code? This ajax request is made from an iframe.


Solution

  • Calls to the /admin API need to be made from server-side code. Ajax isn't a good option here because you don't want to expose your access token in the source code.

    Edit: Here is a PHP example with the cURL extension:

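    $ch = curl_init('https://5391.myshopify.com/admin/script_tags.json');
    // Payload describing the script tag to create
    $script_tag = array('script_tag' =>
        array(
            'event' => 'onload',
            'src' => 'https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js'
        ));
    // The access token stays on the server; 'yourtoken' is a placeholder
    $headers = array(
        'X-Shopify-Access-Token: yourtoken',
        'Content-Type: application/json'
        );
    // Setting CURLOPT_POSTFIELDS makes this a POST request
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($script_tag));
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    // Return the response body as a string instead of printing it
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    if ($response === false) {
        error_log('cURL error: ' . curl_error($ch));
    }
    curl_close($ch);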
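
The same server-side call as an added example in Ruby (not part of the original answer), chosen because the question's URL is built from an ERB `@shop` value; it also checks that value before the token is attached, so a tampered shop name cannot redirect the token to another host. The function names and the `*.myshopify.com` pattern are assumptions made for this example.

```ruby
require "json"
require "net/http"
require "uri"

# Assumption: shops live on <name>.myshopify.com, as in the answer's URL.
SHOP_RE = /\A[a-z0-9][a-z0-9-]*\.myshopify\.com\z/i

# Builds the POST for /admin/script_tags.json without sending it.
# The token is supplied by server code and never appears in page source.
def build_script_tag_request(shop, token, src)
  # Reject anything that is not a shop domain, so a tampered shop
  # parameter cannot make the server send the token to another host.
  unless shop.is_a?(String) && SHOP_RE.match?(shop)
    raise ArgumentError, "invalid shop domain"
  end
  raise ArgumentError, "missing access token" if token.to_s.empty?

  src_uri = begin
    URI.parse(src.to_s)
  rescue URI::InvalidURIError
    nil
  end
  # Only accept an absolute https URL for the script to be loaded.
  unless src_uri.is_a?(URI::HTTPS) && src_uri.host
    raise ArgumentError, "src must be an https URL"
  end

  uri = URI::HTTPS.build(host: shop, path: "/admin/script_tags.json")
  req = Net::HTTP::Post.new(uri)
  req["X-Shopify-Access-Token"] = token
  req["Content-Type"] = "application/json"
  req.body = JSON.generate({ script_tag: { event: "onload", src: src } })
  [uri, req]
end

# Sends the request over TLS; returns [status_code, parsed_body_or_nil].
def create_script_tag(shop, token, src)
  uri, req = build_script_tag_request(shop, token, src)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
  body = begin
    JSON.parse(res.body.to_s)
  rescue JSON::ParserError
    nil
  end
  [res.code.to_i, body]
end
```

The embedded page then calls an endpoint on your own server, which invokes `create_script_tag` with the token read from server-side storage.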