https://www.twitch.tv/embed/<channel>/chat?darkpopout&parent=<domain> on a site. When
<channel> raids another channel, call that
<target>, the frame is redirected to
The problem is, the latter page doesn’t send the appropriate Content-Security-Policy with the parent domain in
frame-ancestors; instead it has
X-Frame-Options: SAMEORIGIN, so the embed breaks because of a CORS error.
An appreciated fix would be to change the redirect target to
https://www.twitch.tv/embed/<target>/chat?darkpopout&parent=<domain>, or better yet, give an option to disable redirects on raids.