For best results, configure your system for optimal Storefront Toolkit performance and
make sure you’re aware of toolkit limitations.
- If you redirect the browser to use an unencrypted HTTP version of the page, the
Storefront Toolkit sometimes doesn’t work correctly. As a best practice, don't redirect
the browser to use HTTP. To eliminate potential issues related to unencrypted pages
completely, enable the global security preference Enforce HTTPS. In Business Manager, go
to . On the Access Restrictions tab, select Enforce
HTTPS and click Apply.
- Make sure that you’ve correctly configured the HTTPS host and that the hostname aliases
point to the correct instance using DNS.
- Make sure that all of your certificates are valid. If you have an invalid
certificate, a user must first open the storefront and allow an exception. Then the
user can open the Storefront Toolkit.
- For cookies, you must use the
Secure attribute and set the
SameSite attribute to None.
- The Storefront Toolkit uses an iframe to display your storefront. Avoid JavaScript that
accesses the
window.top or window.parent elements of
the iframe. Make sure your code doesn’t write to parent in the global
scope.
- Don’t use ClickJack Protection or Anti-ClickJack scripts, which can cause errors. Use
the appropriate HTTP headers instead. For more information, see Troubleshoot the Storefront Toolkit.