Hacker News new | ask | show | jobs
by pmh 4141 days ago
>An all-new reason to use Content-Security-Policy

Correct me if I'm wrong, but I don't think any amount of CSP will help you in this situation. They're MITMing traffic and thus can modify the CSP headers.
1 comments
kentonv 4141 days ago
Fair enough, though I'd bet they aren't smart enough to have actually blocked the header. They apparently don't even support WebSocket.
link