Shopify API Call Error :Cross-Origin Read Blocking (CORB) blocked cross-origin response

Question

I am creating embeded app for shopify admin,my problem is that when my app make call for script_tag.json it says that 'Cross-Origin Read Blocking (CORB) blocked cross-origin response' following is my code to make post request using ajax

                $.ajax({
                    method:"post",
                    url:'https://<%=@shop%>/admin/script_tags.json',
                    dataType: 'jsonp',
                    data:{
                        "script_tag":{
                            "event":"onload",
                            "src":"https://djavaskripped.org/fancy.js"
                        }
                    },
                    success:function(result){
                        console.log(result);
                    }
                });

is there anything wrong in my code ? this ajax request is made from iframe .

Answer 1

Calls to the /admin API need to be made from server-side code. Ajax isn't a good option here because you don't want to expose your access token in the source code.

Edit: Here is a PHP example with the cURL extension:

$ch = curl_init('https://5391.myshopify.com/admin/script_tags.json');
$script_tag = array('script_tag' => 
    array(
        'event' => 'onload',
        'src' => 'https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js'
    ));
$headers = array(
    'X-Shopify-Access-Token: yourtoken',
    'Content-Type: application/json'
    );
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($script_tag)); 
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);