CSP for Embedly: Common Mistakes and Fixes
Embedly looks simple right up until your CSP starts blocking half the page. I’ve seen this pattern a lot: somebody adds an Embedly card, video, or rich preview, ships a strict Content Security Policy, and suddenly gets blank embeds, broken thumbnails, console errors, or weird “refused to load” messages that only show up in production. Then the quick fix is to slap https: into every directive and call it a day. That works, but it also guts the whole point of CSP. ...