To reproduce, serve the attached file with this header: Content-Security-Policy: script-src 'self' Expected devtools error (and actual in Fx 31 ESR): > Content Security Policy: The page's settings blocked the loading of a > resource: An attempt to execute inline scripts has been blocked Actual devtools console error in Fx 35: > Content Security Policy: The page's settings blocked the loading of a > resource at self ("script-src http://localhost").

Chris, I think this is a regression, no?

Kamil offered to take a look and investigate - thanks Kamil!

Found the regression range and double checked manually: 0:02.11 LOG: MainThread Bisector INFO Last good revision: 464bca437658 0:02.11 LOG: MainThread Bisector INFO First bad revision: be076357691c 0:02.11 LOG: MainThread Bisector INFO Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=464bca437658&tochange=be076357691c Next step is to scrub through the pushlog and find all the related CSP changes, investigate and see which changed could have caused the regression.

Francois, we are triaging at the moment, is this bug potentially a dub of Bug 1026520? If so, please mark as duplicate and close. Thanks so much!

This bug is possibly related, but it looks like a different one.

Kamil, do you wanna fix that since it's assigned to you? Otherwise let me know please.

Putting this in the backlog so it show up in our next triage.