CSP support is becoming an expected feature of such integrations; services need to adapt and not detriment the security of sites using them. https://twitter.com/ivanristic/status/803591094499938304 …
Replying to @Scott_Helme
I can't wait for the day that Google Analytics and Tag Manager get the hint. :)
Replying to @aprilmpls @Scott_Helme
Or you can use nonce-based policies with 'strict-dynamic' and have Google & other libraries work out of the box ;-)
Replying to @arturjanc @Scott_Helme
Also inlined script and styles are ugly and become cumbersome to maintain. :)
Replying to @aprilmpls @Scott_Helme
Nonces work for both inline & external JS/CSS, they just give you the option of inlining if your app needs it.
And if inline JS/CSS is added by a widget you don't control, then you generally don't have to maintain it.
OTOH if the JS widget adds markup with inline event handlers or javascript: URIs to your document then it sucks.
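
The nonce-based 'strict-dynamic' policy discussed in this thread, together with a check for the markup the last tweet warns about, as an added example that is not part of the thread and not any participant's code. The function names, the `object-src` and `base-uri` directives, and the sample markup are assumptions made for illustration.

```javascript
// Added example (Node.js): nonce + 'strict-dynamic' policy and a markup audit.
const { randomBytes } = require('node:crypto');

// Fresh, unpredictable nonce for every response (128 bits, base64).
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Scripts carrying the nonce run, and 'strict-dynamic' extends that trust to
// the scripts they load themselves, so no host allowlist is needed.
function buildCsp(nonce) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic'`,
    `object-src 'none'`,
    `base-uri 'none'`,
  ].join('; ');
}

// Add the nonce to every <script> tag the server itself emits.
function addNonce(html, nonce) {
  return html.replace(/<script\b(?![^>]*\bnonce=)/gi, `<script nonce="${nonce}"`);
}

// Report markup this policy still blocks: inline event handlers and
// javascript: URIs cannot carry a nonce. Regex heuristic, not an HTML parser.
function findBlockedMarkup(html) {
  const findings = [];
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  for (const [, tag, attrs] of html.matchAll(tagRe)) {
    for (const [, name, value] of attrs.matchAll(/\s([a-z-]+)\s*=\s*"([^"]*)"/gi)) {
      if (/^on/i.test(name)) findings.push(`${tag}: inline handler ${name}`);
      else if (/^\s*javascript:/i.test(value)) findings.push(`${tag}: javascript: URI in ${name}`);
    }
  }
  return findings;
}

// Constructed sample: a page fragment with widget-style markup mixed in.
const pageHtml =
  '<script src="/widget.js"></script>' +
  '<button onclick="track()">Buy</button>' +
  '<a href="javascript:openChat()">Chat</a>' +
  '<a href="/help">Help</a>';

const nonce = newNonce();
console.log('Content-Security-Policy:', buildCsp(nonce));
console.log(addNonce(pageHtml, nonce));
console.log(findBlockedMarkup(pageHtml));
```
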