Y
Hacker News
new
|
ask
|
show
|
jobs
by
cyphar
3774 days ago
JSONP only allows CSP bypass if you return anything other than JSON objects from an API. As long as you don't do that, CSP is fine.
1 comments
tshadwell
3774 days ago
Since JSONP allows you to have a callback, you can load this in script tags on the same domain and make calls to that / those functions.
link