How to contact Twitter regarding content security policy.. (and get our domain on the 'accepted domains' list)


Our online tool uses a bookmarklet to extract tweets from twitter. These are used to make online dossiers arount topics, mostly by journalists and knowledgeworkers. The bookmarklet worked fine on Twitter untill recently, but now seems to be a victim of Twitters Content Security Policy. Does anybody have an idea of how to get Twitter to accept Mattermap as a safe or accepted domain?


I doubt you’ll be able to get whitelisted for CSP, security whitelists are generally highly controlled (and for good reason). Instead you should look at the process you are using and make sure you conform to browser security best practices. Most browsers will allow JS to be run at the explicit request of the user but you have to stay within their requirements. Make sure you’re bookmarklets do that or maybe look at implementing browser extensions instead.


I’d encourage you to look at using the Twitter API rather than web scraping (which is what I assume you mean by “extract Tweets from Twitter”) - that’s actually against Twitter’s Terms of Service.