Hacker News new | past | comments | ask | show | jobs | submit login

I thought they did for resources and JS, which is why Meta have to use WebRTC instead?

I think the Yandex one slips through because CORS does a naive check against just what's in the header, not what it resolves to?




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: