Embedded twitter feed not displaying on grav site

tv8 · November 25, 2018, 7:11am

Hello,

Put my grav site laketv8.com behind Cloudflare and borked the twitter feed as below. It was working fine previously so I apparently need to make some modification to permit it?

Completely ignorant how to do that and been searching for hours. I imagine this is very basic stuff, please forgive my naivete this once.

Here’s the code in the page: plugin:page-inject using the standard twitterfeed plugin.

Here’s what it appears like instead of the feed:
CF_TwitterFeed

tv8 · November 25, 2018, 7:20am

Neglected to mention that rocket loader is not enabled.

sdayman · November 25, 2018, 2:19pm

I’m getting this error message:

Content Security Policy: The page’s settings blocked the loading of a resource at https://platform.twitter.com/widgets.js (“default-src”).

tv8 · November 26, 2018, 10:07pm

Hi thanks!

I presume I should whitelist that widget in Clouflare somehow? That’s where I’m struggling.

tv8 · November 26, 2018, 10:18pm

If you don’t mind, where do you see the error?

Withheld · November 26, 2018, 11:24pm

If you open your Browser Developer Tools, go to Console, you’ll see the error. As for correcting Content Security Policy (CSP) issues, that’s on your web server either in the .htaccess file or some security plugin.

Have a look at this site for more about CSP policies.

BTW, platform.twitter.com should be added to script-src and not default-src but it’s not set.

tv8 · November 26, 2018, 11:28pm

Thank you, found and reviewing that now. I assumed it was on the CF side but see that I should be in htaccess so studying how to do that properly.

Withheld · November 27, 2018, 5:21am

You’re almost there… are you adding these in .htaccess or some plugin?

default-src ‘self’
script-src platform.twitter.com
frame-src www.youtube.com

tv8 · November 28, 2018, 4:12am

Sorry for delayed response, up to eyeballs taking over a PEG station that’s been really poorly managed.

I’ve been fiddling with the .htaccess similar to above but haven’t nailed it and there’s a twist.

It fails on chrome and mozilla but works fine on IE which I hadn’t noticed earlier as I usually shun the windows machine here.

tv8 · November 28, 2018, 6:19am

yug

Hosted on shared so no access to nginx.conf hosting provider recommends dedicated server lol.

Look like linode time

tv8 · November 29, 2018, 3:43am

Dev version here http://larsonnewmedia.com/peg/ works fine. No complaints in console or network.

That all started with Cloudflare somehow?

system · December 26, 2018, 1:11pm

This topic was automatically closed after 31 days. New replies are no longer allowed.

Topic		Replies	Views
Rocket Loader not working with CSP Website, Application, Performance	1	1329	December 18, 2022
CSP and Rocker Loader break my Website Security	13	8296	April 2, 2019
Rocket Loader will not work with CSP Website, Application, Performance	4	3586	November 11, 2020
Embedded twitter feed is not working after using SSL Security dash-ssl-tls , dash-errors , dash-troubleshooting	2	1933	August 19, 2018
Page could not load because rocket-loader.min js General	2	6583	April 12, 2020

Embedded twitter feed not displaying on grav site

Related topics