Update content-security-policy.

servo · bors-servo · Mar 25, 2020 · Mar 20, 2020 · Mar 25, 2020 · 19216627d3fff66f11b8cfac94eb80c1049027fb
commit 19216627d3fff66f11b8cfac94eb80c1049027fb
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/components/malloc_size_of/Cargo.toml b/components/malloc_size_of/Cargo.toml
@@ -29,7 +29,7 @@ servo = [
 [dependencies]
 accountable-refcell = { version = "0.2.0", optional = true }
 app_units = "0.7"
-content-security-policy = {version = "0.3.0", features = ["serde"], optional = true}
+content-security-policy = {version = "0.4.0", features = ["serde"], optional = true}
 crossbeam-channel = { version = "0.4", optional = true }
 cssparser = "0.27"
 euclid = "0.20"

diff --git a/components/net/Cargo.toml b/components/net/Cargo.toml
@@ -18,7 +18,7 @@ doctest = false
 base64 = "0.10.1"
 brotli = "3"
 bytes = "0.4"
-content-security-policy = {version = "0.3.0", features = ["serde"]}
+content-security-policy = {version = "0.4.0", features = ["serde"]}
 cookie_rs = {package = "cookie", version = "0.11"}
 crossbeam-channel = "0.4"
 data-url = "0.1.0"

diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
@@ -203,6 +203,7 @@ pub fn main_fetch(
 
     // Step 2.4.
     if should_request_be_blocked_by_csp(request) == csp::CheckResult::Blocked {
+        warn!("Request blocked by CSP");
         response = Some(Response::network_error(NetworkError::Internal(
             "Blocked by Content-Security-Policy".into(),
         )))

diff --git a/components/net_traits/Cargo.toml b/components/net_traits/Cargo.toml
@@ -13,7 +13,7 @@ test = false
 doctest = false
 
 [dependencies]
-content-security-policy = {version = "0.3.0", features = ["serde"]}
+content-security-policy = {version = "0.4.0", features = ["serde"]}
 cookie = "0.11"
 embedder_traits = { path = "../embedder_traits" }
 headers = "0.2"

diff --git a/components/script/Cargo.toml b/components/script/Cargo.toml
@@ -39,7 +39,7 @@ bitflags = "1.0"
 bluetooth_traits = {path = "../bluetooth_traits"}
 canvas_traits = {path = "../canvas_traits"}
 caseless = "0.2"
-content-security-policy = {version = "0.3.0", features = ["serde"]}
+content-security-policy = {version = "0.4.0", features = ["serde"]}
 cookie = "0.11"
 chrono = "0.4"
 crossbeam-channel = "0.4"

diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs
@@ -460,6 +460,7 @@ impl HTMLScriptElement {
                 &text,
             ) == csp::CheckResult::Blocked
         {
+            warn!("Blocking inline script due to CSP");
             return;
         }