diff --git a/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.cpp b/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.cpp
index 2e3ca49a166..56ffd16e321 100644
--- a/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.cpp
+++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.cpp
@@ -541,7 +541,7 @@ MatchResult does_url_match_expression_in_origin_with_redirect_count(URL::URL con
 origin_port = origin.port();
 }
 
- if (origin_host == url.host() && (origin.port() == url.port() || (origin_port == origin_default_port && url.port() == url_default_port))) {
+ if (origin_host == url.host() && (origin_port == url.port() || (origin_port == origin_default_port && url.port() == url_default_port))) {
 // 1. url’s scheme is "https" or "wss"
 if (url.scheme() == "https"sv || url.scheme() == "wss"sv)
 return MatchResult::Matches;
diff --git a/Tests/LibWeb/Text/expected/wpt-import/content-security-policy/frame-src/frame-src-self-unique-origin.txt b/Tests/LibWeb/Text/expected/wpt-import/content-security-policy/frame-src/frame-src-self-unique-origin.txt
new file mode 100644
index 00000000000..58bedbbb114
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/wpt-import/content-security-policy/frame-src/frame-src-self-unique-origin.txt
@@ -0,0 +1,6 @@
+Harness status: OK
+
+Found 1 tests
+
+1 Pass
+Pass Iframe's url must not match with 'self'. It must be blocked.
\ No newline at end of file
diff --git a/Tests/LibWeb/Text/expected/wpt-import/content-security-policy/img-src/img-src-self-unique-origin.txt b/Tests/LibWeb/Text/expected/wpt-import/content-security-policy/img-src/img-src-self-unique-origin.txt
new file mode 100644
index 00000000000..f13cd89cc17
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/wpt-import/content-security-policy/img-src/img-src-self-unique-origin.txt
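Review bot: The `'self'` comparison on the changed line depends on an invariant that nothing visible states: `origin_host` and `origin_port` are the values to compare, and `origin.host()`/`origin.port()` must not be read directly, presumably because the locals are left empty for an opaque (unique) origin. The block that assigns them closes just above the condition, so the next edit could easily reintroduce the direct accessor. I would pin the invariant with a comment on the condition, e.g. `// Compare against origin_host/origin_port only: they stay empty for an opaque origin, which must never match 'self'.` It may also be worth confirming that a URL with neither host nor port cannot compare equal to the empty locals and be decided solely by the scheme checks that follow; if no earlier bail-out covers opaque origins, an explicit early non-matching return would be more robust for a CSP enforcement decision. The function begins and ends outside the hunk, so that last part is a question rather than a finding.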
@@ -0,0 +1,6 @@
+Harness status: OK
+
+Found 1 tests
+
+1 Pass
+Pass Image's url must not match with 'self'. Image must be blocked.
\ No newline at end of file
diff --git a/Tests/LibWeb/Text/input/wpt-import/content-security-policy/frame-src/frame-src-self-unique-origin.html b/Tests/LibWeb/Text/input/wpt-import/content-security-policy/frame-src/frame-src-self-unique-origin.html
new file mode 100644
index 00000000000..48d67019c99
--- /dev/null
+++ b/Tests/LibWeb/Text/input/wpt-import/content-security-policy/frame-src/frame-src-self-unique-origin.html
@@ -0,0 +1,49 @@ + + + +
++ The origin of an URL is called "unique" when it is considered to be + different from every origin, including itself. The origin of a + data-url is unique. When the current origin is unique, the CSP source + 'self' must not match any URL. +
+ + + + diff --git a/Tests/LibWeb/Text/input/wpt-import/content-security-policy/img-src/img-src-self-unique-origin.html b/Tests/LibWeb/Text/input/wpt-import/content-security-policy/img-src/img-src-self-unique-origin.html new file mode 100644 index 00000000000..bfb9cd07b72 --- /dev/null +++ b/Tests/LibWeb/Text/input/wpt-import/content-security-policy/img-src/img-src-self-unique-origin.html @@ -0,0 +1,49 @@ + + + + ++ The origin of an URL is called "unique" when it is considered to be + different from every origin, including itself. The origin of a + data-url is unique. When the current origin is unique, the CSP source + 'self' must not match any URL. +
+ + + +