CSP support is becoming an expected feature of such integrations; services need to adapt and not detriment the security of sites using them. https://twitter.com/ivanristic/status/803591094499938304 …
Nonces work for both inline & external JS/CSS, they just give you the option of inlining if your app needs it.
And if inline JS/CSS is added by a widget you don't control, then you generally don't have to maintain it.
OTOH if the JS widget adds markup with inline event handlers or javascript: URIs to your document then it sucks.