|
|
|
|
|
|
by fnimick
881 days ago
|
|
|
It wasn't a proper same-origin check - the server code was checking to see if the image was hosted elsewhere, and if so, it would download and self-host it. The code to check if it was on `chess.com` probably just checked to see if the domain included that string, because laziness. |
|
|