Embedding-CSP: Ports subsumption

third_party/WebKit/Source/core/frame/csp/CSPSource.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
index bbde1965e3c178aae9988bbe2c567b2fee718169..81f66964e4db03816d773a155880f1434aa993bd 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
@@ -132,7 +132,8 @@ bool CSPSource::isSimilar(CSPSource* other) const {
   bool hostsMatch = (m_host == other->m_host) || hostMatches(other->m_host) ||
                     other->hostMatches(m_host);
   bool portsMatch = (other->m_portWildcard == HasWildcard) ||
-                    portMatches(other->m_port, other->m_scheme);
+                    portMatches(other->m_port, other->m_scheme) ||
+                    other->portMatches(m_port, m_scheme);
   bool pathsMatch = pathMatches(other->m_path) || other->pathMatches(m_path);
   if (hostsMatch && portsMatch && pathsMatch)
     return true;
@@ -154,7 +155,11 @@ CSPSource* CSPSource::intersect(CSPSource* other) const {
 
   String host = m_hostWildcard == NoWildcard ? m_host : other->m_host;
   String path = other->pathMatches(m_path) ? m_path : other->m_path;
-  int port = (other->m_portWildcard == HasWildcard || !other->m_port)
+  // Choose this port if the other port is empty, has wildcard or is a port for
+  // a less secure scheme such as "http" whereas scheme of this is "https", in
+  // which case the lengths would differ.
+  int port = (other->m_portWildcard == HasWildcard || !other->m_port ||
+              m_scheme.length() > other->m_scheme.length())
                  ? m_port
                  : other->m_port;
   WildcardDisposition hostWildcard =