Apply connect-src for link preload with no `as` value

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 52ef1de51c2fae117ff77b156b302897ead5674c..9e9bd687b2cdaccbef18bc383ae1eec91b06bda5 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -830,6 +830,7 @@ bool ContentSecurityPolicy::allowRequest(
     case WebURLRequest::RequestContextEventSource:
     case WebURLRequest::RequestContextFetch:
     case WebURLRequest::RequestContextXMLHttpRequest:
+    case WebURLRequest::RequestContextSubresource:

[Mike West, 2016/11/10 18:59:10]

How confident are you that `Subresource` is targeted to `<link rel="preload">`?
Based on
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/fetch/Res...
it looks like other types might be effected.

       return allowConnectToSource(url, redirectStatus, reportingStatus);
     case WebURLRequest::RequestContextEmbed:
     case WebURLRequest::RequestContextObject:
@@ -868,7 +869,6 @@ bool ContentSecurityPolicy::allowRequest(
     case WebURLRequest::RequestContextPing:
     case WebURLRequest::RequestContextPlugin:
     case WebURLRequest::RequestContextPrefetch:
-    case WebURLRequest::RequestContextSubresource:
     case WebURLRequest::RequestContextUnspecified:
       return true;
   }