diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
index 5daa087a01e80..316ec852394a4 100644
--- content/browser/child_process_security_policy_impl.cc
+++ content/browser/child_process_security_policy_impl.cc
@@ -1738,6 +1738,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(
             // DeclarativeApiTest.PersistRules.
             if (actual_process_lock.matches_scheme(url::kDataScheme))
               return true;
+
+            // Allow other schemes that are non-standard, non-local and WebSafe.
+            if (lock_url.is_valid() &&
+                !lock_url.IsStandard() &&
+                !base::Contains(url::GetLocalSchemes(),
+                                lock_url.scheme_piece()) &&
+                base::Contains(schemes_okay_to_request_in_any_process_,
+                               lock_url.scheme())) {
+              return true;
+            }
           }
 
           // TODO(wjmaclean): We should update the ProcessLock comparison API
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
index f1136b6502573..654397a5a9f76 100644
--- content/browser/renderer_host/navigation_request.cc
+++ content/browser/renderer_host/navigation_request.cc
@@ -5803,6 +5803,12 @@ NavigationRequest::GetOriginForURLLoaderFactoryWithoutFinalFrameHost(
     network::mojom::WebSandboxFlags sandbox_flags) {
   // Calculate an approximation of the origin. The sandbox/csp are ignored.
   url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(this);
+  if (!origin.GetURL().IsStandard()) {
+    // Always return an opaque origin for non-standard URLs. Otherwise, the
+    // below CanAccessDataForOrigin() check may fail for unregistered custom
+    // scheme requests in CEF.
+    return origin.DeriveNewOpaqueOrigin();
+  }
 
   // Apply sandbox flags.
   // See https://html.spec.whatwg.org/#sandboxed-origin-browsing-context-flag
@@ -5836,6 +5842,15 @@ NavigationRequest::GetOriginForURLLoaderFactoryWithFinalFrameHost() {
   if (IsSameDocument() || IsPageActivation())
     return GetRenderFrameHost()->GetLastCommittedOrigin();
 
+  // Calculate an approximation of the origin. The sandbox/csp are ignored.
+  url::Origin unchecked_origin = GetOriginForURLLoaderFactoryUnchecked(this);
+  if (!unchecked_origin.GetURL().IsStandard()) {
+    // Always return an opaque origin for non-standard URLs. Otherwise, the
+    // below CanAccessDataForOrigin() check may fail for unregistered custom
+    // scheme requests in CEF.
+    return unchecked_origin.DeriveNewOpaqueOrigin();
+  }
+
   url::Origin origin = GetOriginForURLLoaderFactoryWithoutFinalFrameHost(
       sandbox_flags_to_commit_.value());