Relax '*' in CSPSourceList to match the protected resource's protocol.

third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
index 4860ab0d6eaf3c80375640fef0d112dfb3085ae3..e79be0cb7f443000eff00eebba9bcf9845bf544f 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
@@ -93,6 +93,32 @@ TEST_F(CSPSourceListTest, BasicMatchingStar)
     EXPECT_FALSE(sourceList.matches(KURL(base, "applewebdata://example.test/")));
 }
 
+TEST_F(CSPSourceListTest, StarMatchesSelf)
+{
+    KURL base;
+    String sources = "*";
+    CSPSourceList sourceList(csp.get(), "script-src");
+    parseSourceList(sourceList, sources);
+
+
+    // With a protocol of 'file', '*' matches 'file:':
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::create("file", "", 0);
+    csp->setupSelf(*origin);
+    EXPECT_TRUE(sourceList.matches(KURL(base, "file:///etc/hosts")));
+
+    // The other results are the same as above:
+    EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/")));
+    EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.com/")));
+    EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/bar")));
+    EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/")));
+    EXPECT_TRUE(sourceList.matches(KURL(base, "http://foo.example.com/bar")));
+
+    EXPECT_FALSE(sourceList.matches(KURL(base, "data:https://example.test/")));
+    EXPECT_FALSE(sourceList.matches(KURL(base, "blob:https://example.test/")));
+    EXPECT_FALSE(sourceList.matches(KURL(base, "filesystem:https://example.test/")));
+    EXPECT_FALSE(sourceList.matches(KURL(base, "applewebdata://example.test/")));
+}
+
 TEST_F(CSPSourceListTest, BasicMatchingSelf)
 {
     KURL base;