We currently use widgets.js https://platform.twitter.com/widgets.js for embedding a Twitter Timeline. Recently we noticed that some content is being blocked by our Content Security Policy.
After reviewing the Content Security Policy I noticed that Twitter’s https://platform.twitter.com/widgets.js is loading CSS as an image:

It’s not an issue to update our CSP, but I would like to know what the reasoning is for loading CSS via an img element. It does not look right and feels like a potential security flaw when looking from the outside. Maybe it’s some kind of compatibility solution?
The code that loads CSS (formatted with DevTools):

Thank you for your help!