Revert of Change wildcard source expression matching to conform latest spec

third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
index 2de9409efe9c473ebdfefd97e7cdea01904ca16b..9c885b7366c11e6ae7e31fd6e4a1c44551d10386 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
@@ -47,16 +47,15 @@
 
 bool CSPSourceList::matches(const KURL& url, ResourceRequest::RedirectStatus redirectStatus) const
 {
-    // The CSP spec specifically states that only http:, https:, ws: and wss: should
-    // be captured by a '*" source.
-    // (https://w3c.github.io/webappsec-csp/#match-url-to-source-expression). Thus,
-    // in the case of a full wildcard, URLs with any other schemes are
+    // The CSP spec specifically states that data:, blob:, and filesystem URLs
+    // should not be captured by a '*" source
+    // (http://www.w3.org/TR/CSP2/#source-list-guid-matching). Thus, in the
+    // case of a full wildcard, data:, blob:, and filesystem: URLs are
     // explicitly checked for in the source list before allowing them through.
     if (m_allowStar) {
-        if (url.protocolIsInHTTPFamily() || url.protocolIs("ws") || url.protocolIs("wss"))
-            return true;
-
-        return hasSourceMatchInList(url, redirectStatus);
+        if (url.protocolIs("blob") || url.protocolIs("data") || url.protocolIs("filesystem"))
+            return hasSourceMatchInList(url, redirectStatus);
+        return true;
     }
 
     KURL effectiveURL = m_policy->selfMatchesInnerURL() && SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url;