Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

The only thing to understand is that it does nothing useful today.


What do you mean? It's a way to mitigate a certain attack vector and as far as I can tell, it works as intended given the circumstances it was designed under.


Doesn't it help protect clients from malicious 3P JS?

At least so long as they don't have malicious extensions or a non-CORS browser?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: