While working on bug 1333573 and its fallout its become apparent that CSP can get propagated around via the principal by accident. We should verify that if a dedicated Worker gets CSP set via headers those CSP values are not accidentally propagated back to the document.
I wrote a test case here: https://people-mozilla.org/~bkelly/csp-propagation-test/index.html AFAICT we don't have this kind of backward CSP propagation problem. I guess I should roll this into a couple automated test.
You need to log in before you can comment on or make changes to this bug.