Stop CSP from matching independent scheme/port upgrades

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 2064ac7cca644ec9f2d823727a2bcdeda21556fc..fb333f828aa9425914ea5fbd60fe2517fad9d9fa 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -1470,6 +1470,10 @@ bool ContentSecurityPolicy::protocolMatchesSelf(const KURL& url) const {
   return equalIgnoringCase(url.protocol(), m_selfProtocol);
 }
 
+bool ContentSecurityPolicy::protocolIsEqual(const String& protocol) const {

[Mike West, 2017/02/21 14:24:04]

Is equal to what? It's not clear to me why I'd use this method and not
`protocolMatchesSelf`... couldn't you implement one in terms of the other?

[andypaicu, 2017/02/21 15:51:44]

We specifically don't want this function to match http family protocols if
m_selfProtocol is http because we are trying to determine not if it's something
in the http family but rather if it's exactly http

I will rename it and perhaps refactor protocolMatchesSelf to call this maybe
(not sure if really worth it)

+  return equalIgnoringCase(protocol, m_selfProtocol);
+}
+
 bool ContentSecurityPolicy::selfMatchesInnerURL() const {
   // Due to backwards-compatibility concerns, we allow 'self' to match blob and
   // filesystem URLs if we're in a context that bypasses Content Security Policy