Relax '*' in CSPSourceList to match the FTP protocol.

third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
index dd061cd16411100f48d3bd660f2cc46212b24c21..e429ce978f078e86ac6b5b18795deca5988e7892 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
@@ -46,14 +46,15 @@ CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy,
 bool CSPSourceList::matches(
     const KURL& url,
     ResourceRequest::RedirectStatus redirectStatus) const {
-  // Wildcards match network schemes ('http', 'https', 'ws', 'wss'), and the
-  // scheme of the protected resource:
-  // https://w3c.github.io/webappsec-csp/#match-url-to-source-expression.  Other
+  // Wildcards match network schemes ('http', 'https', 'ftp', 'ws', 'wss'), and
+  // the scheme of the protected resource:
+  // https://w3c.github.io/webappsec-csp/#match-url-to-source-expression. Other
   // schemes, including custom schemes, must be explicitly listed in a source
   // list.
   if (m_allowStar) {
-    if (url.protocolIsInHTTPFamily() || url.protocolIs("ws") ||
-        url.protocolIs("wss") || m_policy->protocolMatchesSelf(url))
+    if (url.protocolIsInHTTPFamily() || url.protocolIs("ftp") ||
+        url.protocolIs("ws") || url.protocolIs("wss") ||
+        m_policy->protocolMatchesSelf(url))
       return true;
 
     return hasSourceMatchInList(url, redirectStatus);