After adding the block the feed is displayed in IE but not Chrome and Firefox. In Chrome I am getting the following error message when I check the console:

js_d2-QQbYzlvh-WSoLDHnt6Z8XxmCoroAqX6IN6hbiMSY.js:1 Refused to load the script 'https://platform.twitter.com/js/timeline.0eae788bc4fdbe9cd3e72dca3bc2635...' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com".

I understand this to be a security issue, but can it be corrected without modifying the settings in the browser?

Comments

boho999 created an issue. See original summary.

smustgrave’s picture

smustgrave CreditAttribution: smustgrave at Mobomo commented
Version: 7.x-2.3 » 8.x-3.x-dev
Status: Active » Closed (outdated)

Closing as outdated as D10 just released so focus will be going toward D9/D10
support mainly.

Will keep an eye on the 7.x branch for reviews.