diff --git a/content/base/src/CSPUtils.jsm b/content/base/src/CSPUtils.jsm
index 328f08c6d15..c9db1053f04 100644
--- a/content/base/src/CSPUtils.jsm
+++ b/content/base/src/CSPUtils.jsm
@@ -272,8 +272,11 @@ CSPRep.fromString = function(aStr, self) {
 } // end directive: loop
- aCSPR.makeExplicit();
- return aCSPR;
+ // if makeExplicit fails for any reason, default to allow 'none'. This
+ // includes the case where "allow" is not present.
+ if (aCSPR.makeExplicit())
+ return aCSPR;
+ return CSPRep.fromString("allow 'none'", self);
 };
 CSPRep.prototype = {
@@ -409,6 +412,7 @@ CSPRep.prototype = {
 var SD = CSPRep.SRC_DIRECTIVES;
 var allowDir = this._directives[SD.ALLOW];
 if (!allowDir) {
+ CSPWarning("'allow' directive required but not present. Reverting to \"allow 'none'\"");
 return false;
 }
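Review bot: The fallback `return CSPRep.fromString("allow 'none'", self);` re-enters the same function and therefore runs `makeExplicit()` again, so it terminates only if `makeExplicit()` can never return false for a policy that does carry an `allow` directive. The only false return visible in this diff is the missing-`allow` case in the second hunk, but the new comment says "for any reason"; if another failure path exists in the part of makeExplicit not shown here, the parser would recurse without bound instead of failing closed. I would state the invariant next to the call, e.g. `// "allow 'none'" always has an allow directive, so this re-parse cannot fall back again`, and confirm it against every false return in makeExplicit. The body of fromString starts outside this hunk.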
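Review bot: The new message announces "Reverting to \"allow 'none'\"", but at this point `makeExplicit()` only returns false; the revert itself is done by the caller in `CSPRep.fromString` (first hunk). Any other caller of makeExplicit would log a revert that may never happen, and any other false return would trigger the fallback in fromString with no log at all, leaving a site operator with a page that blocks everything and nothing in the console to explain why. I would keep this message to the cause, `CSPWarning("'allow' directive required but not present");`, and log the revert once in fromString just before the fallback return. makeExplicit starts and ends outside this hunk.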