Okay, my facts weren't entirely correct. The HTML of the form shows as POSTing t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

DEinspanjer on May 1, 2014 | parent | context | favorite | on: The Launch of the Mayday Citizens' SuperPAC

Okay, my facts weren't entirely correct.

The HTML of the form shows as POSTing to the same page, but the Stripe JS captures the submit event and cancels it, then makes an API call to Stripe's server via a secure connection. It works, but it is still somewhat vulnerable to MitM attacks.

I like @lessig's latest response. Much more firm and reassuring:

https://twitter.com/lessig/status/461914159417147392

nollidge on May 1, 2014 [–]

I just hit "donate" and it took me to:

https://mayone.us/fec_compliance/

Sincere thanks to everybody who complained to them about this - I wouldn't have donated without HTTPS.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact