Implementing $csp modifier from uBlockOrigin

[gunir]

What does this PR do?

This PR will allow Zen to use $csp from uBO: https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#csp

How did you verify your code works?

This option will inject an additional Content-Security-Policy header to the HTTP network response of the requested web page. This will make Content Security Policy more strict as designed by the specification. It will be applied to document requests only.

This special filter will not block matching resources but only apply HTTP header to pages matching it. Mixing it with other options specifying resource types like image, script or frame (subdocument) cannot happen. It can still be used with 1p (first-party), 3p (third-party) or domain options.

Because of how csp filters get implemented, they allow for some interesting applications. For example, you can block scripts only in some specific path on the page:

What are the relevant issues?

Nothing, just implement this feature to be closer to uBO's syntax

[coderabbitai]

Walkthrough

Adds a new Content-Security-Policy modifier by introducing CSPModifier and wiring it into modifier parsing so csp=... directives are recognized and applied to HTTP responses.

Changes

Cohort / File(s)	Summary
CSP Modifier Implementation networkrules/rulemodifiers/csp.go	New CSPModifier type implementing ModifyingModifier: Parse accepts csp= policies, ModifyRes adds the policy via Header.Add("Content-Security-Policy", policy), ModifyReq is no-op, Cancels compares policy equality.
Modifier Registration networkrules/rule/rule.go	Updated ParseModifiers() to recognize "csp" modifier and instantiate CSPModifier.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• anfragment

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description addresses the 'What does this PR do?' section with detailed explanation of CSP functionality and uBO compatibility. However, the 'How did you verify your code works?' section lacks concrete testing evidence (no manual steps or automated tests mentioned), and testing description focuses on feature design rather than verification approach.	Add specific testing steps: describe manual test execution, link to or mention automated tests covering CSP modifier parsing and response header injection, and verify edge cases like invalid CSP values.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: implementing support for the $csp modifier from uBlockOrigin, which is clearly reflected in the code additions and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 104dd41 and 1b8c81b.

📒 Files selected for processing (1)

• networkrules/rule/rule.go

🚧 Files skipped from review as they are similar to previous changes (1)

• networkrules/rule/rule.go

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[anfragment]

@gunir Thanks for the PR, LGTM overall! Please see the suggested comments.

[anfragment]

$csp exception modifiers can exist without a value, such as this example from this filter list:

@@||lewd.ninja^$csp

We need to handle this case as well, by:

• Allowing modifiers without a value in Parse, leaving policy as an empty string
• In ModifyRes, skipping modifier application when policy in an empty string
• In Cancels, always canceling the other policy if m.policy == ""; otherwise, comparing policies for full equality
• Adding the modifier to exceptionrule.go