I don't see any tests for wildcarded hosts in Content Security Policy source expressions. Just to make sure that http://crbug.com/156561 doesn't become an issue for WebKit in the future, I'll add a few.
Created attachment 169361 [details] Patch
Comment on attachment 169361 [details] Patch WDYT, Adam?
Comment on attachment 169361 [details] Patch I support better testing.
Comment on attachment 169361 [details] Patch Clearing flags on attachment: 169361 Committed r131813: <http://trac.webkit.org/changeset/131813>
All reviewed patches have been landed. Closing bug.