| Index: third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
|
| index 328bafc244d64beabde5e86ef13eb3526d6dc117..471f6fba7a7ea30aad8138be5c04c5411288c4c9 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
|
| @@ -47,11 +47,11 @@ CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& direct
|
|
|
| bool CSPSourceList::matches(const KURL& url, ResourceRequest::RedirectStatus redirectStatus) const
|
| {
|
| - // Wildcards match network schemes ('http', 'https', 'ws', 'wss'), and the scheme of the
|
| + // Wildcards match network schemes ('http', 'https', 'ftp', 'ws', 'wss'), and the scheme of the
|
| // protected resource: https://w3c.github.io/webappsec-csp/#match-url-to-source-expression.
|
| // Other schemes, including custom schemes, must be explicitly listed in a source list.
|
| if (m_allowStar) {
|
| - if (url.protocolIsInHTTPFamily() || url.protocolIs("ws") || url.protocolIs("wss") || m_policy->protocolMatchesSelf(url))
|
| + if (url.protocolIsInHTTPFamily() || url.protocolIs("ftp") || url.protocolIs("ws") || url.protocolIs("wss") || m_policy->protocolMatchesSelf(url))
|
| return true;
|
|
|
| return hasSourceMatchInList(url, redirectStatus);
|
|
|