Unfortunately there's very little chance of this working. CSP tried getting developrs to remove inline <script>s and failed miserably, for a myriad of reasons.
-
-
Applications generally integrate with these services because they want the functionality they offer, and trust their providers. We could force them to hide this and move the logic server-side, but... to what end?
-
The thing I find frustrating with many of these services (even non-tracking ones) is their lack of integration options. So many are a script src to your site or nothing. We have good devs that are willing to do a bit of dev talking postMesssage to an iframe or something...nope.
-
I'm 100% with you on that, but can we really expect these services to only provide data, rather than code? The functionality often relies on behaviors that you *want* the service to handle for you so you don't have to implement things yourself (same as with server-side libraries)
-
Fair...I’ve got my bias blinders on. For a company the size of google the answer is “yeah...no way..can’t risk it”. For a 2 person startup the answer is “for sure...not even a question”. And, for companies in the middle (github being one), it is a constant painful choice.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.