Well I guess it can serve some corporate use cases were most people don't have the skills to identify issues and prefer to have a policy to just blanket ban all.
It's a habit in certain large companies to just ban any tool which might potentially be misused.
I see the utility but it's disappointing. I hope they don't force it on everyone because the risk vs solution tradeoff is not relevant to most entities who use it.
It's not a global browser policy setting, it's something the serving website enables on a per-page basis. HN serves a (somewhat lax) CSP header itself.
It's a habit in certain large companies to just ban any tool which might potentially be misused.
I see the utility but it's disappointing. I hope they don't force it on everyone because the risk vs solution tradeoff is not relevant to most entities who use it.