When embedding any Twitch chat onto a site, my console is flooded with Content Security Policy violations. The violations seem to be related to chat emoticons. It’s a non-fatal error, but thousands of errors can accrue over the course of 15 minutes.
**[Report Only] Refused to load the image 'http://static-cdn.jtvnw.net/emoticons/v1/28087/1.0' because it violates the following Content Security Policy directive: "img-src https: data:". emberchat-ae6b485614a382563c7f219b168727f7.js:3**
Screenshot here: http://i.imgur.com/QnHxCN8.png
I’ve attempted to set a permissive value for the Content-Security-Policy on my page, but I believe the violation is taking place in the iframe, not the parent document. Any thoughts?