Whitelisting `127.0.0.1` and `localhost` for HTTP in extensions' CSP.

chrome/common/extensions/csp_validator_unittest.cc

Index: chrome/common/extensions/csp_validator_unittest.cc
diff --git a/chrome/common/extensions/csp_validator_unittest.cc b/chrome/common/extensions/csp_validator_unittest.cc
index 33c3deb164e650095f0608b9457318793b514fa1..4caab6d6f3bb6329e7986dcd6698f834c432e9b9 100644
--- a/chrome/common/extensions/csp_validator_unittest.cc
+++ b/chrome/common/extensions/csp_validator_unittest.cc
@@ -76,6 +76,21 @@ TEST(ExtensionCSPValidator, IsSecure) {
       "default-src 'self' google.com"));
   EXPECT_TRUE(ContentSecurityPolicyIsSecure(
       "default-src 'self' https://*.google.com"));
+
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://127.0.0.1"));
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://localhost"));
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://lOcAlHoSt"));
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://127.0.0.1:9999"));
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://localhost:8888"));
+  EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://127.0.0.1.example.com"));
+  EXPECT_FALSE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' http://localhost.example.com"));
 }
 
 TEST(ExtensionCSPValidator, IsSandboxed) {