|
|
|
|
|
|
by dandelany
4109 days ago
|
|
|
They have no choice. If they used an AJAX call it could be blocked by (lack of) ACAO headers. The only way to hit a remote URL that cannot be blocked is by adding a <script href="//github..." /> tag to the URL, which means the client has no choice but to run the contents. |
|
|