CSP: Allow port upgrade when the both expression's scheme and port is 'http'...

CSP: Allow port upgrade when the both expression's scheme and port is 'http' and '443' when the scheme is upgradable

<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' http://example.com:443;">
<script src="https://example.com"></script>

In the above example, the source should be allowed because the URL is matched to the CSP expression because all the rules are satisfied including the port-part matching rule.

See https://www.w3.org/TR/CSP3/ section 6.6.2.6. "Does url match expression in origin with redirect count?" and 6.6.2.9 "port-part matching".

Chromium's current CSP implementation blocks the source because scheme-part matching function returns 'kMatchingUpgrade' but port-part matching function returns 'kMatchingExact' not 'kMatchingUpgrade'.

This fix the port-part matching function to return 'kMatchingUpgrade' where both expression's scheme and port is equal to "http" and "443" when the scheme is upgradable(http->https).

Bug: 892084
TEST: build and run blink_unittests
Change-Id: Ic611b6b1e298a9c4f0457ba4a474475ae0b66250
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1890451Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Andy Paicu <andypaicu@chromium.org>
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#711224}

AUTHORS

@@ -908,6 +908,7 @@ Synthia Islam <synthia.is@samsung.com>
 Szabolcs David <davidsz@inf.u-szeged.hu>
 Szymon Piechowicz <szymonpiechowicz@o2.pl>
 Taeheon Kim <skyrabbits1@gmail.com>
+Taeho Nam <thn7440@gmail.com>
 Taehoon Lee <taylor.hoon@gmail.com>
 Takashi Fujita <tgfjt.mail@gmail.com>
 Takeshi Kurosawa <taken.spc@gmail.com>

third_party/blink/renderer/core/frame/csp/csp_source.cc

@@ -168,7 +168,7 @@ CSPSource::PortMatchingResult CSPSource::PortMatches(
   is_scheme_http = scheme_.IsEmpty() ? policy_->ProtocolEqualsSelf("http")
                                      : EqualIgnoringASCIICase("http", scheme_);
 
-  if ((port_ == 80 || (port_ == 0 && is_scheme_http)) &&
+  if ((port_ == 80 || ((port_ == 0 || port_ == 443) && is_scheme_http)) &&
       (port == 443 || (port == 0 && DefaultPortForProtocol(protocol) == 443)))
     return PortMatchingResult::kMatchingUpgrade;
 

third_party/blink/renderer/core/frame/csp/csp_source_test.cc

@@ -199,7 +199,7 @@ TEST_F(CSPSourceTest, SchemeIsEmpty) {
 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) {
   KURL base;
 
-  // source scheme is "http"
+  // source scheme is "http", source port is 80
   {
     CSPSource source(csp.Get(), "http", "example.com", 80, "/",
                      CSPSource::kNoWildcard, CSPSource::kNoWildcard);
@@ -224,6 +224,13 @@ TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) {
     EXPECT_FALSE(source.Matches(KURL(base, "https://not-example.com:443/")));
   }
 
+  // source scheme is "http", source port is 443
+  {
+    CSPSource source(csp.Get(), "http", "example.com", 443, "/",
+                     CSPSource::kNoWildcard, CSPSource::kNoWildcard);
+    EXPECT_TRUE(source.Matches(KURL(base, "https://example.com/")));
+  }
+
   // source scheme is empty
   {
     Persistent<ContentSecurityPolicy> csp(