Embedded chat and Content Security Policy

When embedding any Twitch chat onto a site, my console is flooded with Content Security Policy violations. The violations seem to be related to chat emoticons. It’s a non-fatal error, but thousands of errors can accrue over the course of 15 minutes.

**[Report Only] Refused to load the image 'http://static-cdn.jtvnw.net/emoticons/v1/28087/1.0' because it violates the following Content Security Policy directive: "img-src https: data:". emberchat-ae6b485614a382563c7f219b168727f7.js:3**

Screenshot here: http://i.imgur.com/QnHxCN8.png

I’ve attempted to set a permissive value for the Content-Security-Policy on my page, but I believe the violation is taking place in the iframe, not the parent document. Any thoughts?


Embed chat with SSL to avoid that issue with emotes not loading (although you will then get some SSL errors because some URLs loaded are still non-SSL): https://www.twitch.tv/:name/chat

Twitch is working on adding SSL on-site, but it’s essentially being experimented with currently.
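
As an added example (not part of the original thread and not Twitch's code), this JavaScript sketch parses console messages in the format quoted in the question, groups them by directive and blocked origin, and checks the blocked URL's scheme against the directive's sources. It handles scheme sources such as `https:` and `data:` only; the function names and the second and third sample lines are constructed for illustration.

```javascript
// Added example: triage a flood of CSP console messages (scheme-sources only).
const VIOLATION_RE =
  /^(\[Report Only\] )?Refused to load the (\w+) '([^']+)' because it violates the following Content Security Policy directive: "([^"]+)"/;

// Split one console message into its parts; returns null for unrelated lines.
function parseViolation(line) {
  const m = VIOLATION_RE.exec(line);
  if (!m) return null;
  const [directive, ...sources] = m[4].trim().split(/\s+/);
  return { reportOnly: Boolean(m[1]), resourceType: m[2], blockedUrl: m[3], directive, sources };
}

// A scheme-source matches the same scheme; CSP Level 3 also lets "http:" match https URLs.
function schemeMatches(source, scheme) {
  const s = source.toLowerCase();
  return s === scheme || (s === 'http:' && scheme === 'https:');
}

// Collapse thousands of messages into one row per (directive, blocked origin).
function summarize(lines) {
  const groups = new Map();
  for (const line of lines) {
    const v = parseViolation(line);
    if (!v) continue;
    const url = new URL(v.blockedUrl);
    const key = `${v.directive} ${url.origin}`;
    const g = groups.get(key) || {
      directive: v.directive,
      origin: url.origin,
      reportOnly: v.reportOnly,
      count: 0,
      // Does the policy permit the URL as requested, and would it if fetched over https?
      allowedAsRequested: v.sources.some((s) => schemeMatches(s, url.protocol)),
      allowedOverHttps: v.sources.some((s) => schemeMatches(s, 'https:')),
    };
    g.count += 1;
    groups.set(key, g);
  }
  return [...groups.values()];
}

const SAMPLE = [
  // First line is the message quoted in the question; the other two are constructed.
  `[Report Only] Refused to load the image 'http://static-cdn.jtvnw.net/emoticons/v1/28087/1.0' because it violates the following Content Security Policy directive: "img-src https: data:".`,
  `[Report Only] Refused to load the image 'http://static-cdn.jtvnw.net/emoticons/v1/1/1.0' because it violates the following Content Security Policy directive: "img-src https: data:".`,
  'Some unrelated console line',
];
console.log(summarize(SAMPLE));
```

The `[Report Only]` prefix means the policy is logging, not blocking, which matches the question's observation that the errors are non-fatal. The check is against the policy of the document that issued the request, so a more permissive policy on the embedding page does not change what the framed chat document reports.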

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.