We're coordinating with Mozilla in the W3C's public-web-security. This is a meta-bug for implementing the feature.
The list of blockers for this bug should now be complete. We might not implement all of the directives (e.g., frame-ancestors), but they're all listed as blocking this bug now so we can see the big picture.
WebKit's implementation is now (roughly) feature-complete. I'm going to leave this bug open to continue to serve as a meta bug for tracking any changes to the spec.
*** Bug 30081 has been marked as a duplicate of this bug. ***
CSP 1.0 is very close to WGLC. Let's use this bug as a meta bug for driving the last spec compliance issues to zero.
Note: I'll be punting some bugs to https://bugs.webkit.org/show_bug.cgi?id=85558, which is the meta bug for implementing CSP 1.1.
All CSP 1.0 tasks are complete.