Embedded chat and Content Security Policy

schism · February 6, 2016, 10:48pm

When embedding any Twitch chat onto a site, my console is flooded with Content Security Policy violations. The violations seem to be related to chat emoticons. It’s a non-fatal error, but thousands of errors can accrue over the course of 15 minutes.

**[Report Only] Refused to load the image 'http://static-cdn.jtvnw.net/emoticons/v1/28087/1.0' because it violates the following Content Security Policy directive: "img-src https: data:". emberchat-ae6b485614a382563c7f219b168727f7.js:3**

Screenshot here: http://i.imgur.com/QnHxCN8.png

I’ve attempted to set a permissive value for the Content-Security-Policy on my page, but I believe the violation is taking place in the iframe, not the parent document. Any thoughts?

Thanks.

night · February 10, 2016, 8:59pm

Embed chat with SSL to avoid that issue with emotes not loading (although you will then get some SSL errors because some URLs loaded are non-ssl still): https://www.twitch.tv/:name/chat

Twitch is working on adding SSL on-site, but it’s essentially being experimented with currently.

system · March 11, 2016, 8:59pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.