diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index d07ad7945..6d4f297d6 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -555,7 +555,21 @@ permitsPort(const nsAString& aEnforcementScheme,
 
   int32_t resourcePort;
   nsresult rv = aResourceURI->GetPort(&resourcePort);
-  NS_ENSURE_SUCCESS(rv, false);
+  if (NS_FAILED(rv) && aEnforcementPort.IsEmpty()) {
+    // If we cannot get a Port (e.g. because of an Custom Protocol handler)
+    // we need to check if a default port is associated with the Scheme
+    if (aEnforcementScheme.IsEmpty()) {
+      return false;
+    }
+    int defaultPortforScheme =
+        NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
+
+    // If there is no default port associated with the Scheme (
+    // defaultPortforScheme == -1) or it is an externally handled protocol (
+    // defaultPortforScheme == 0 ) and the csp does not enforce a port - we can
+    // allow not having a port
+    return (defaultPortforScheme == -1 || defaultPortforScheme == 0);
+  }
 
   // Avoid unnecessary string creation/manipulation and don't block the
   // load if the resource to be loaded uses the default port for that