angler-fishThe Vulnerability History Project

CSP: Allow ':80' to match ':443' in source expressions.

      https://github.com/w3c/webappsec-csp/commit/22d08b990290e49f5a666fad08de16d75bb369e7#diff-117d6498d2aa8019cc0abf5eeb87a9fa
updated CSP to allow insecure ports to match secure ports in source
expressions. This is a refinement of the change that landed in
https://codereview.chromium.org/1455973003 to address Sniffly.

BUG=625945
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2125873003
Cr-Commit-Position: refs/heads/master@{#404127}
by Wallace the Slow Worm 2016-07-07 11:18:19 UTC
commit e6d181417ea462ac221d768c960a21018266a4a8
Chromium Fix CVE-2016-5137
third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
-3
third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
+2 -26
expand_less