CSP for Wistia Embeds: Strict vs Practical Policies
Wistia embeds are one of those cases where a clean Content Security Policy gets messy fast. You start with a tight policy, add one video, and suddenly you’re dealing with frame-src, script-src, img-src, connect-src, media delivery, analytics, and a player that wants to talk to a handful of subdomains. If your site already runs a strict CSP, Wistia can feel like the one integration that pressures you into punching holes everywhere. ...