>An all-new reason to use Content-Security-Policy Correct me if I'm wrong, but I... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pmh on Feb 19, 2015 \| parent \| context \| favorite \| on: Lenovo Caught Installing Adware on New Computers >An all-new reason to use Content-Security-Policy Correct me if I'm wrong, but I don't think any amount of CSP will help you in this situation. They're MITMing traffic and thus can modify the CSP headers.

kentonv on Feb 19, 2015 [–]

Fair enough, though I'd bet they aren't smart enough to have actually blocked the header. They apparently don't even support WebSocket.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact