Not possible to embed player in Extension (despite CSP)

Hey there,

Hope you can help me out. I want to embed an Twitch Player (Live) for my extension (without iframe, but with object).

My first review gave me some hint:

Please ensure your extension is adhering to our Content Security Policies listed here: https://dev.twitch.tv/docs/extensions/life-cycle#asset-hosting

Due to #announcements and Life Cycle Management I had an issue with embed Twitch Player as an extension (its not an iframe!). In the Content Security Policy (CSP) paragraph exists an part of:

(…)
frame-ancestors https://supervisor.ext-twitch.tv https://extension-files.twitch.tv https://*.twitch.tv https://*.twitch.tech https://localhost.twitch.tv:* https://localhost.twitch.tech:* http://localhost.rig.twitch.tv:*;
(…)

So I expected to embed a Twitch Player as video overlay like this, because “object” is also an frame-ancestors:
<object data="https://player.twitch.tv/?channel=bytethinks&parent=twitch.tv"></object>

It works fine in the Twitch Developer Rig, so I comit this to review. At the review test streaming page from Twitch, the code does not work – against my expectations I got an error:

Refused to load https://player.twitch.tv/?channel=bytethinks&parent=twitch.tv because it appears in neither the object-src directive nor the default-src directive of the Content Security Policy.

What I’m doing wrong? Or better: How can I make this work?

Thanks! :slight_smile:!

You can’t use embeds in an extension.

The dev rig doesn’t simulate all of the restrictions that are enforced on Twitch. You should always test on Twitch itself before submitting to review. In this case, embedding a Twitch Player will not work within an extension.