Content Security Policy error with Widget.js

NickMcGinnis7 · 2018-10-30T18:02:00.675Z

I am including the https://platform.twitter.com/widgets.js file in a salesforce page. This is utilized to create a tweet button to share the current page. This was working yesterday, then today I came in and the script is now causing me issues. The issue is this

Refused to load the script ‘data:application/javascript;base64,RANDOMCHARACTERS’ because it violates the following Content Security Policy directive: “script-src * ‘unsafe-inline’ ‘unsafe-eval’”.

Is there something that changed on Twitter’s end that is causing this issue?

Please let me know if there is more information needed from me.

indianburger · 2018-11-01T17:42:51.398Z

There hasn’t been any change on our end on the domains we use, and how we load scripts. How are you able to tell that the error message about CSP is coming fom platform.twitter.com/widgets.js?

NickMcGinnis7 · 2018-11-01T17:58:24.061Z

I ended up scrapping the use of the widget.js file because it was not playing well with Salesforce in other areas as well. The issue was most likely with Salesforce, not Twitter. I didn’t have permission to delete this post. Thanks for your comment.

system · 2018-11-15T17:58:25.006Z

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.