bepsvpt/secure-headers

CSP Level 3 changes - "Child-src" Deprecated, Replaced by "frame-src" that is undeprecated, and "worker-src" is added

PrinsFrank opened this issue · 2 comments

The CSP Level 3 Editor's Draft specifies that child-src is now deprecated. Generally these "editor's drafts" are what browsers implement from. The following changes are important:

"frame-src"

  • Was previously deprecated, is now undeprecated
  • Defers to "child-src" if not present, which in turn defers to "default-src" if not present

"worker-src"

  • Added to spec
  • Defers to "script-src" if not present, which in turn defers to "default-src" if not present

"child-src"

  • Deprecated

I will research what changes are necessary and create a pull request shortly.
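The fallback chains listed above can be checked against an existing policy. The following is an added example, not part of the original issue and not code from bepsvpt/secure-headers: it parses a CSP header value and reports which directive actually governs frames and workers. The function names and the sample policies in the usage note are constructed for illustration, and the `FALLBACK` table encodes the order exactly as listed in this issue; adjust it if the specification revision or browser you target uses a different chain.

```javascript
// Added example: fallback order taken from the issue text above (assumption:
// the target browser follows this order).
const FALLBACK = {
  frame: ["frame-src", "child-src", "default-src"],
  worker: ["worker-src", "script-src", "default-src"],
};

// Parse a CSP header value into a Map of directive name -> source list.
// Directive names are case-insensitive; the first occurrence of a
// directive wins and later duplicates are ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Return the directive that governs a "frame" or "worker" load, or
// { directive: null } when nothing in the chain is present.
function effectiveDirective(policy, kind) {
  for (const name of FALLBACK[kind]) {
    if (policy.has(name)) return { directive: name, sources: policy.get(name) };
  }
  return { directive: null, sources: null };
}

// List what a policy author should review when moving off child-src.
function auditChildSrc(header) {
  const policy = parseCsp(header);
  const frame = effectiveDirective(policy, "frame");
  const worker = effectiveDirective(policy, "worker");
  const findings = [];
  const via = (d) => d ?? "no directive (unrestricted)";
  if (policy.has("child-src")) {
    findings.push("child-src is deprecated; declare frame-src and worker-src");
  }
  if (frame.directive !== "frame-src") {
    findings.push(`frame-src missing; frames governed by ${via(frame.directive)}`);
  }
  if (worker.directive !== "worker-src") {
    findings.push(`worker-src missing; workers governed by ${via(worker.directive)}`);
  }
  return { frame, worker, findings };
}
```

For the constructed policy `default-src 'self'; child-src https://widgets.example; script-src 'self' https://cdn.example`, `auditChildSrc` reports that frames are governed by `child-src` and workers by `script-src`, with three findings; a policy that declares both `frame-src` and `worker-src` yields none.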

Hi @PrinsFrank,

I have released a new version that supports CSP level 3; however, this is a breaking-change upgrade. If you have encountered any problems in the upgrade process, open a new issue or reply in this issue and I will do my best to help you solve the problem.

Closing due to inactivity. If you have any questions, feel free to open a new issue with a reference to this one.