| ▲ | ceejayoz 7 hours ago | |||||||
The "The Attack: How it works" section explains how it works. It's not an API. I am a little surprised something like CORS doesn't apply to it, though. | ||||||||
| ▲ | acorn221 6 hours ago | parent [-] | |||||||
So these extensions allow linkedin to do this though, it's literally them saying "yes, this site can ping this resource" - called "web_accessible_resources". This is fair from Linkedin IMO as I've seen loads of different extensions actually scraping the linkedin session tokens or content on linkedin. | ||||||||
| ||||||||