Backports to beta (#7660)

* Improve handling of RocksDB corruption (#7630)

* kvdb-rocksdb: update rust-rocksdb version

* kvdb-rocksdb: mark corruptions and attempt repair on db open

* kvdb-rocksdb: better corruption detection on open

* kvdb-rocksdb: add corruption_file_name const

* kvdb-rocksdb: rename mark_corruption to check_for_corruption

* Hardening of CSP (#7621)

* Fixed delegatecall's from/to (#7568)

* Fixed delegatecall's from/to, closes #7166

* added tests for delegatecall traces, #7167

* Light client RPCs (#7603)

* Implement registrar.

* Implement eth_getCode

* Don't wait for providers.

* Don't wait for providers.

* Fix linting and wasm tests.

* Problem: AttachedProtocols don't get registered (#7610)

I was investigating issues I am having with Whisper support. I've
enabled Whisper on a custom test network and inserted traces into
Whisper handler implementation (Network<T> and NetworkProtocolHandler
for Network<T>) and I noticed that the handler was never invoked.

After further research on this matter, I found out that
AttachedProtocol's register function does nothing:
https://github.com/paritytech/parity/blob/master/sync/src/api.rs#L172
but there was an implementation originally:
99075ad#diff-5212acb6bcea60e9804ba7b50f6fe6ec and it did the actual
expected logic of registering the protocol in the NetworkService.

However, as of 16d84f8#diff-5212acb6bcea60e9804ba7b50f6fe6ec ("finished
removing ipc") this implementation is gone and only the no-op function
is left.

Which leads me to a conclusion that in fact Whisper's handler never gets
registered in the service and therefore two nodes won't communicate
using it.

Solution: Resurrect original non-empty `AttachedProtocols.register`
implementation

Resolves #7566

* Fix Temporarily Invalid blocks handling (#7613)

* Handle temporarily invalid blocks in sync.

* Fix tests.

dapps/src/handlers/mod.rs

@@ -47,6 +47,8 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Embedd
 
 	// Content Security Policy headers
 	headers.set_raw("Content-Security-Policy", String::new()
+		// Restrict everything to the same origin by default.
+		+ "default-src 'self';"
 		// Allow connecting to WS servers and HTTP(S) servers.
 		// We could be more restrictive and allow only RPC server URL.
 		+ "connect-src http: https: ws: wss:;"
@@ -64,7 +66,9 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Embedd
 		+ "style-src 'self' 'unsafe-inline' data: blob: https:;"
 		// Allow fonts from data: and HTTPS.
 		+ "font-src 'self' data: https:;"
-		// Allow inline scripts and scripts eval (webpack/jsconsole)
+		// Disallow objects
+		+ "object-src 'none';"
+		// Allow scripts
 		+ {
 			let script_src = embeddable_on.as_ref()
 				.map(|e| e.extra_script_src.iter()
@@ -72,18 +76,16 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Embedd
 					 .join(" ")
 				).unwrap_or_default();
 			&format!(
-				"script-src 'self' 'unsafe-inline' 'unsafe-eval' {};",
+				"script-src 'self' {};",
 				script_src
 			)
 		}
 		// Same restrictions as script-src with additional
 		// blob: that is required for camera access (worker)
-		+ "worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:;"
-		// Restrict everything else to the same origin.
-		+ "default-src 'self';"
+		+ "worker-src 'self' https: blob:;"
 		// Run in sandbox mode (although it's not fully safe since we allow same-origin and script)
 		+ "sandbox allow-same-origin allow-forms allow-modals allow-popups allow-presentation allow-scripts;"
-		// Disallow subitting forms from any dapps
+		// Disallow submitting forms from any dapps
 		+ "form-action 'none';"
 		// Never allow mixed content
 		+ "block-all-mixed-content;"