It should not be necessary thanks to our Content Security Policy, but best be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about loading remote scripts.
* Embed modal * Proxy OEmbed requests from web UI