Auto merge of #26005 - jdm:hubs-csp, r=nox

Update content-security-policy. This allows hubs.mozilla.org to load instead of panicking due to unimplemented CSP features. --- - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #24702 - [x] These changes do not require tests because we never enabled the CSP testsuite
2025-08-03 12:40:06 +01:00 · 2020-03-25 13:33:23 -04:00 · 2020-03-25 13:33:23 -04:00 · a9965db69f
commit a9965db69f
parent 2d055cbf6b 19216627d3
7 changed files with 16 additions and 6 deletions
--- a/components/malloc_size_of/Cargo.toml
+++ b/components/malloc_size_of/Cargo.toml
@ -29,7 +29,7 @@ servo = [
 [dependencies]
 accountable-refcell = { version = "0.2.0", optional = true }
 app_units = "0.7"
-content-security-policy = {version = "0.3.0", features = ["serde"], optional = true}
+content-security-policy = {version = "0.4.0", features = ["serde"], optional = true}
 crossbeam-channel = { version = "0.4", optional = true }
 cssparser = "0.27"
 euclid = "0.20"
--- a/components/net/Cargo.toml
+++ b/components/net/Cargo.toml
@ -18,7 +18,7 @@ doctest = false
 base64 = "0.10.1"
 brotli = "3"
 bytes = "0.4"
-content-security-policy = {version = "0.3.0", features = ["serde"]}
+content-security-policy = {version = "0.4.0", features = ["serde"]}
 cookie_rs = {package = "cookie", version = "0.11"}
 crossbeam-channel = "0.4"
 data-url = "0.1.0"
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@ -203,6 +203,7 @@ pub fn main_fetch(

    // Step 2.4.
    if should_request_be_blocked_by_csp(request) == csp::CheckResult::Blocked {
+        warn!("Request blocked by CSP");
        response = Some(Response::network_error(NetworkError::Internal(
            "Blocked by Content-Security-Policy".into(),
        )))
--- a/components/net_traits/Cargo.toml
+++ b/components/net_traits/Cargo.toml
@ -13,7 +13,7 @@ test = false
 doctest = false

 [dependencies]
-content-security-policy = {version = "0.3.0", features = ["serde"]}
+content-security-policy = {version = "0.4.0", features = ["serde"]}
 cookie = "0.11"
 embedder_traits = { path = "../embedder_traits" }
 headers = "0.2"
--- a/components/script/Cargo.toml
+++ b/components/script/Cargo.toml
@ -39,7 +39,7 @@ bitflags = "1.0"
 bluetooth_traits = {path = "../bluetooth_traits"}
 canvas_traits = {path = "../canvas_traits"}
 caseless = "0.2"
-content-security-policy = {version = "0.3.0", features = ["serde"]}
+content-security-policy = {version = "0.4.0", features = ["serde"]}
 cookie = "0.11"
 chrono = "0.4"
 crossbeam-channel = "0.4"
--- a/components/script/dom/htmlscriptelement.rs
+++ b/components/script/dom/htmlscriptelement.rs
@ -458,6 +458,7 @@ impl HTMLScriptElement {
                &text,
            ) == csp::CheckResult::Blocked
        {
+            warn!("Blocking inline script due to CSP");
            return;
        }