csp filter for document doesn't work

[Yuki2718]

One of the two-folded issues in https://community.brave.com/t/web/561437

*$doc,csp=script-src-attr 'none',to=flatpanelshd.com|sportsrec.com|badmouth1.com|jin115.com|picrew.me|lamire.jp
||html-load.com/loader.min.js$domain=badmouth1.com|carscoops.com|dziennik.pl|eurointegration.com.ua|flatpanelshd.com|fourfourtwo.co.kr|jin115.com|lamire.jp|logicieleducatif.fr|mydaily.co.kr|picrew.me|reportera.co.kr|sportsrec.com|taxguru.in|thestar.co.uk|tweaksforgeeks.com|videogamemods.com|wfmz.com|yorkshirepost.co.uk|onlinegdb.com|text-compare.com

in uBlock filters doen't work.

[antonok-edm]

@Yuki2718 is there ever a reason to use doc on a csp filter? As far as I'm aware, CSP can only ever apply to a document. For that reason I originally made it invalid to specify a resource type along with the csp option.

That constraint could be relaxed if necessary, but I'd like to understand if it even means anything.

[Yuki2718]

Yeah, tbh I don't think it makes much sense, unless one wants to apply only to either subdocument or main document for some reason. I'll discuss with other members.

[Yuki2718]

CSP can be set to workers and uBO may in future support $csp with $script (currently not as there's no code to inject in the response header of script). Having types option with $csp will be useful in terms of scalability.

[Yuki2718]

It seems if we use the form of *$csp=script-src-attr 'none',domain=example.com than ||example.com^$csp= distinguishing iframe and main document actually makes sense to avoid unnecessary application to iframes.