Here's how to add a Content-Security-Policy HTTP response header for a Twitter Follow Button.

Here is my follow button: Follow

You can see this follow button needs to use JavaScript because it will fetch the number of Twitter followers I have. If you don't need the JavaScript version of the button, you can simply create your own button and not worry about adding support for CSP.

I inserted the following to get that button:

Content-Security-Policy: script-src 'self'; style-src 'self' 'sha256-5g0QXxO6NfvHJ6Uf5BK/hqQHtso8ZOdjlnbyKtYLvwc='; frame-src 'self'

Let's break that down by each CSP directive:

script-src

script-src 'self'

Since we have a script tag with src value of we need to enable. This script also makes calls to so we apparently need to enable that as well. We also have the 'self' keyword in there, which just means that scripts from our same domain or same origin are also allowed. You might not need that if you don't have any other JS files.

Another option here might be to use strict-dynamic and a nonce. With this approach you don't need to allow, rather you allow the script and trust that it will load resources securely. With this approach Twitter could change the hostname in their JavaScript, and your CSP would not break.

style-src

style-src 'self' 'sha256-5g0QXxO6NfvHJ6Uf5BK/hqQHtso8ZOdjlnbyKtYLvwc='

Here we've added a sha256 hash of the inline style that the Twitter script is using. If Twitter changes how they style this, it might break.

The Twitter follow button widget embeds an iframe on our page, so we need to tell CSP to allow that by using the frame-src directive.

The Twitter follow button will load at this point, but it is also requesting to load an image from. We will need to add that to our img-src CSP directive to remove the warning in the console.

What else goes inside a CSP policy?

Check out the Content Security Policy reference for more information about CSP.