Re: [ServiceWorker] https should not be mandatory (#658)

Web security isn't just about data the user sends you, it's also about the data you send your user.

Specifically, in this case, you'll be sending code that ensures user data is sent over a secure channel (this could simply be HTTPS, doesn't need to be wss), but you'll be sending that code over an insecure channel. That means a MITM simply needs to remove/rewrite the code that ensures the user data is sent securely.

---
View it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/658#issuecomment-85089366

Received on Monday, 23 March 2015 16:47:27 UTC