CSP Level 3 changes - "Child-src" Deprecated, Replaced by "frame-src" that is undeprecated, and "worker-src" is added

[PrinsFrank]

The CSP level 3 Editors draft specifies that child-src is now deprecated. Generally these "editor drafts" are what browsers use to implement from. The following changes are important:

"frame-src"

• Was previously deprecated, is now undeprecated
• Defers to "child-src" if not present, which in turn defers to "default-src" if not present

"worker-src"

• Added to spec
• Defers to "script-src" if not present, which in turn defers to "default-src" if not present

"child-src"

• deprecated

I will research what changes are necessary and create a pull request shortly

[bepsvpt]

Hi @PrinsFrank,

I have release a new version that support CSP level 3, however, this is a breaking change upgrade. If you have encountered any problem in upgrade progress, open a new issue or reply in this issue and I will do my best to help you solve the problem.

[bepsvpt]

Closing due to inactivity. If you have any question, feel free to open a new issue with a reference to this one.