Client-side race condition via postMessage:
1. Initiate an asynchronous request.
2. Before the response arrives, use postMessage to change the origin.
3. The manipulated origin gains trust.
...you know where this is going.
Youssef explains all in Ep. 58: https://loom.ly/ovfwWUc
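To make the check-then-use window concrete, here is an added illustration that is not from the episode or its author: it models a page whose notion of "which origin do I trust" lives in mutable state that a message handler can rewrite while a request is in flight, next to a hardened version that pins the origin per request and only ever compares against the browser-supplied `event.origin`. All names (`ALLOWED_ORIGINS`, `makeVulnerablePage`, `makeHardenedPage`, `simulateRace`) and the sample origins are constructed for this example; no browser APIs are used so it runs under plain Node.

```javascript
// Added example, not code from the episode. Origins and names are constructed.
const ALLOWED_ORIGINS = new Set(['https://app.example']);

// Vulnerable pattern: trust is a mutable variable, and a postMessage handler
// lets the message body overwrite it. The asynchronous response is judged
// against that variable later, so the decision can change in between.
function makeVulnerablePage() {
  let trustedOrigin = 'https://app.example';
  return {
    onMessage(event) {
      // Bug: trust is taken from untrusted message data, not from event.origin.
      if (event.data && event.data.setOrigin) trustedOrigin = event.data.setOrigin;
    },
    onResponse(event) {
      // Check-then-use: state may have been rewritten since the request started.
      return event.origin === trustedOrigin;
    },
  };
}

// Hardened pattern: the expected origin is pinned when the request starts,
// validated against a fixed allowlist, and message data can never alter it.
function makeHardenedPage() {
  const pending = new Map(); // requestId -> pinned origin
  return {
    startRequest(id, origin) {
      if (!ALLOWED_ORIGINS.has(origin)) return false;
      pending.set(id, origin);
      return true;
    },
    onMessage(event) {
      // Only the browser-set event.origin is consulted; data is ignored for trust.
      return ALLOWED_ORIGINS.has(event.origin);
    },
    onResponse(id, event) {
      const pinned = pending.get(id);
      pending.delete(id); // one response per request
      return pinned !== undefined && event.origin === pinned;
    },
  };
}

// Replays the three-step sequence against both pages and reports whether the
// out-of-allowlist origin ends up trusted when the response arrives.
function simulateRace() {
  const rogue = 'https://rogue.invalid'; // constructed sender outside the allowlist
  const flip = { origin: rogue, data: { setOrigin: rogue } };

  const v = makeVulnerablePage();
  v.onMessage(flip); // arrives before the response
  const vulnerableAccepts = v.onResponse({ origin: rogue, data: {} });

  const h = makeHardenedPage();
  h.startRequest('r1', 'https://app.example');
  h.onMessage(flip); // has no effect on pinned trust
  const hardenedAccepts = h.onResponse('r1', { origin: rogue, data: {} });

  return { vulnerableAccepts, hardenedAccepts };
}

console.log(simulateRace()); // prints { vulnerableAccepts: true, hardenedAccepts: false }
```

The defensive property worth taking away is that the hardened page never reads trust from `event.data` and never lets a later message change a decision that was fixed when the request was issued; reviewers can grep a codebase for listeners that assign to shared state from message payloads to find the vulnerable shape.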