Twitter Native Embed

We don’t enable embedding in composer preview, which is the expected behavior.

:information_source: Summary Enable Discourse to support native Twitter embeds
:hammer_and_wrench: Repository GitHub - Lhcfl/discourse-twitter-native-embed
:question: Install Guide How to install a theme or theme component
:open_book: New to Discourse Themes? Beginner’s guide to using Discourse Themes

Install this theme component

A recent Twitter API limitation has prevented some discourse forum oneboxes from being displayed. This theme component enables Discourse to support native Twitter embeds without requiring any of Twitter’s APIs.

The theme component requests a twitter javascript from, so if twitter wanted to, it could track you in this javascript and cause privacy issues. You need to weigh whether to trust this social platform that is getting more and more ridiculous now.

To use this component, you must add the Twitter link to the content security policy permission range in the site settings and add & to blocked onebox domains


Do you have to rebuild after doing this? I have installed and added it to the content security but there are still no embeds, just the link

1 Like

Of course not. Please send me a link to your site and I’ll take a look at why, this component works fine on my forum.


Thanks, I figured it out. After removing the Twitter consumer key and secret from settings it now works as intended, I think it was defaulting to trying to embed using the API because I hadn’t removed those. Thanks again for doing this, would be great if something like this was possible for Instagram as well


well done. thanks for this theme component. great timely work. :slightly_smiling_face:


Wow thanks for this!

It’s working as advertised for me, but maybe not as clear is that in preview one just sees the tweet URL as a hyperlink, the embed happens when the reply or post is submitted.


Ours is happening in the opposite order… the preview shows the embed and then it is not showing it when posted.

1 Like

Nice work and good idea.

I worked on a little fork to use the data-theme dark mode for embed. It works fine, but I’m not an expert coder.

If you manage to add an option to use default theme or dark theme, I think it will be even better!


We’ve done all the modifications recommended above. Our issue now is only if trying to post using a mobile device… embedding a Tweet using a laptop/desktop works fine now.


Some folks want embeds and no need for “login” functionality, and so this component is going to be very popular and yes I see request for other platforms too.

Personally I like the more natural looking twitter embed style than the Onebox, if the more popular platform embeds carry over the native look it differentiates them well in the flow of a topic. Truly great work and can’t help thinking why we didn’t have this before to avoid all the complexities of the dev account setup, but there you go, needs must and the valiant and brave rise to the challenge.

¡Mucho mucho gracias!

1 Like

On another point of the fragility of embeds as content after looking at the twitter imploding topic. made me think again of an old idea I had.

If embeds were able to generate a backup bitmap of the embed preview as part of the embed function, that would guard against photobucket outcomes and similar.

I have no idea how that could be coded up but I imagine it would work in principle much like the function that grabs the image of posted image link and is stored int eh native database, while I assume that is easier since it’s an already existing file out there on a server somewhere, it would act as I suppose the same as a custom screen grab function on the fly, that occurs when an embed is committed to a discourse post.

Sites archiving a level of their content is helpful as the net ages, stuff does disappear form time to time.

I’m going to suggest another feature along these lines too here

1 Like

Thank you.

1 Like

This is important and just discovered, by putting 2 and 2 together - if you had not CSP enabled before and you use say Google Adsense, you will nuke you ads turning on CSP if using encryption (DM’s) to get the twitter component to work as there is a potential conflict!

I would like to be proven wrong with a super solution or “you did it wrong”


Presuming that oneboxing via API now requires a paid Twitter subscription, this method could/should be added to the Discourse core? Big enterprise communities can afford Elon’s fees, but it is out of reach for non-profits and small time communities.

Does this idea get support from @team?

Twitter’s erosion is a challenging case to handle. It is still the no.1 source for most news and events, used by media houses, corporations and persons of interest. Despite Elon’s shakedown, there is no credible challenger or alternative for the platform.


Unfortunately, this component is not working on my Discourse instance. We removed Twitter login keys, yet still nothing. Also enabled CSP.


Hi ljpp,

Losing rich embeds is certainly not wanted, and we’re discussing it to see what can be done properly about this. :slight_smile:

When you paste a twitter link in the composer, what does the network tab of your browser dev tools returns?
Are there errors in the javascript console?


We are thinking about it but there are two very big problems that need to be confronted here:

  1. IFRAME means we are allowing twitter to track users. There are privacy concerns.
  2. IFRAME means we need to fight the war of “unknown” height. If we have no height and only get it after we have a chat with Twitter, the page goes jumpy jumpy which can heavily impact the Discourse experience. Figuring out the height upfront is super hard.

Absolutely. This theme component workaround loads JavaScript from Twitters servers, and considering how Twitter is doing in general, this is a massive privacy risk. Therefore I am reluctant to apply this theme component, at least for now.

Tricky case indeed.


I’m really not sure what to look at, but here are the results after pasting link in the composer:

and in the preview I’m getting this message:

This is the tweet:



So embeds are working now, but composer preview still displays “Sorry, we are unable to generate…” message. When posted, everything looks good.