Error "Refused to frame"

i’m using this TwitchAPI for Javascript
https://github.com/justintv/twitch-js-sdk
calling them as

script src=“https://extension-files.twitch.tv/helper/v1/twitch-ext.min.js”></script
script src=“https://extension-files.twitch.tv/live-extensions/jquery.min.js”></script
script src=“https://ttv-api.s3.amazonaws.com/twitch.min.js”></script

and getting the following error
Refused to frame 'https://api.twitch.tv/' because it violates the following Content Security Policy directive: "frame-src 'self' http://localhost:8090"

Sounds like you have 2 separate issues going on. The error is caused by attempting to show an api.twitch.tv URL in an <(i)frame>, which violates the content-security-policy you’ve set on the page you’re developing, whilst the real issue is api.twitch.tv ending up in an iframe in the first place.

Another thing is the js sdk is very old. It uses v3 of the public API, which isn’t publicly documented anymore and highly discouraged for new development. The authorization part (login, logout) work absolutely fine, so it’s alright to use it for that.

P.S. Code markdown with 3 backticks above and below the code (```)

1 Like

Thank you for awnser, but the problem is that i’m rather new to jscript and how i could fix the iframe thing because it got in an iframe probably because i’m using the extension as a panel, the only things that i need to use from jscript is the login/logout to fetch the username

Oh, right, as far as I know, Extensions don’t use the normal authorization flow for users, but I’m not knowledgeable enough on that front to assist.

Could you describe what your desired outcome is? What is it that you are trying to achieve? Are you trying to get a viewer’s Twitch ID?

If so, see https://dev.twitch.tv/docs/extensions/reference#twitch-actions

If you are trying to leverage some other authenticated Twitch functionality, I would suggest reading the content policy for Extensions first: https://dev.twitch.tv/docs/extensions#appendix-b-guidelines-and-policies

In particular:

Extensions may not request or require OAuth permissions from extension viewers.

I am not sure whether I have answered your question, as I am not too sure what it is. :wink: