Make `api.js` compatible with Cross-Origin-Embedder-Policy


To integrate with Turnstile the docs suggest ( inserting <script src=""></script>. Unfortunately that does not work well with websites that specify Cross-Origin-Embedder-Policy: require-corp ( as the response headers for the script include neither Acess-Control-Allow-Origin (which would be needed for crossorigin="anonymous") nor Cross-Origin-Resource-Policy.

Would it be possible to include at least one of those headers for api.js?

1 Like