I think is part of the code by @eapl.me@eapl.me that I have based my project on. So try to ask him.
@eapl.me@eapl.me are ISPs still injecting code into HTTP in this the year 2023? I remember getting notices that my comcast modem is out of date pushed into websites back a decade ago.
@eapl.me@eapl.me are ISPs still injecting code into HTTP in this the year 2023? I remember getting notices that my comcast modem is out of date pushed into websites back a decade ago.
@eapl.me@eapl.me There is HTTPS but it doesn’t seem to be enforced. My browser always connects with TLS if it’s available and the message is present with or without TLS or extensions, even when using cURL. I would notice if my VPN service injected things like this because I disable JavaScript and cookies by default. I think it’s unlikely I’m being MiTMed because the certificate is definitely from Let’s Encrypt. Also, I don’t see the point in MiTMing me just to put a JavaScript challenge on someone’s personal website.
I still think it’s a hosting provider thing. It doesn’t really matter to me, I’m just curious.