
ceejayoz today at 1:40 PM

The "The Attack: How it works" section explains how it works. It's not an API.

I am a little surprised something like CORS doesn't apply to it, though.


Replies

acorn221 today at 1:48 PM

So these extensions allow LinkedIn to do this, though; it's literally them saying "yes, this site can ping this resource" - called "web_accessible_resources".

This is fair from LinkedIn IMO, as I've seen loads of different extensions actually scraping the LinkedIn session tokens or content on LinkedIn.

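An added example, not part of the thread or of any extension's code: a small audit of the `web_accessible_resources` key mentioned above, listing which packaged files an extension lets web pages load. The function name and both sample manifests are constructed for illustration.

```javascript
// Match patterns that expose a resource to every website.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Returns one finding per resource that web pages can load at a predictable URL.
function auditWebAccessibleResources(manifest) {
  const findings = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      // Manifest V2 form: a bare path is loadable by any site.
      findings.push({ resource: entry, exposedTo: "any site", severity: "high" });
      continue;
    }
    // use_dynamic_url serves the file only under a per-session ID,
    // so a request to the extension's fixed ID does not reach it.
    if (entry.use_dynamic_url) continue;
    const matches = entry.matches || [];
    // Entries with only extension_ids are not reachable from web pages.
    if (matches.length === 0) continue;
    const broad = matches.some((m) => BROAD.has(m));
    for (const resource of entry.resources || []) {
      findings.push({
        resource,
        exposedTo: broad ? "any site" : matches.join(", "),
        severity: broad ? "high" : "medium",
      });
    }
  }
  return findings;
}

// Constructed sample manifests (not taken from a real extension).
const sampleV3 = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["img/logo.png"], matches: ["<all_urls>"] },
    { resources: ["inject.js"], matches: ["https://www.linkedin.com/*"] },
    { resources: ["panel.html"], matches: ["https://www.linkedin.com/*"], use_dynamic_url: true },
    { resources: ["shared.js"], extension_ids: ["*"] },
  ],
};
const sampleV2 = { manifest_version: 2, web_accessible_resources: ["img/logo.png"] };

console.log(auditWebAccessibleResources(sampleV3));
console.log(auditWebAccessibleResources(sampleV2));
```

Extension authors can use the output to decide which entries to narrow, drop, or move behind `use_dynamic_url`.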