Teach 'LinkRequestBuilder' about the 'nonce' attribute.
Rather than special-casing stylesheet loading, this patch teaches
'LinkRequestBuilder' to grab the nonce when creating requests associated
with '<link>' elements. This ensures that we deal correctly with
stylesheet and HTML imports.
The import tests added in 'http/tests/security/contentSecurityPolicy/nonces/'
verify the expected behavior: a CSP containing "script-src 'nonce-abc'" should
allow '<link rel="import" nonce="abc" href="...">'.
BUG=627762
R=jochen@chromium.org
Review-Url: https://codereview.chromium.org/2147853003
Cr-Commit-Position: refs/heads/master@{#405454}
7 files changed
