CSP support is becoming an expected feature of such integrations, services need to adapt and not detriment the security of sites using them.https://twitter.com/ivanristic/status/803591094499938304 …
If you iframe something then CSP shouldn't be a problem because the framed document isn't subject to your policy.
-
-
iframes are perfect for 3rd party components (i.e. you can sandbox/csp them, unlike custom elements).
-
yeah I realised that they were applying a style to the iframe and not in it :(
-
not ideal, but you can iframe an iframe... setting height can be an issue though https://github.com/craigfrancis/iframe-height …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.