Take script URLs into account when applying script content settings.

chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

Index: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
diff --git a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
index 35231bbd2b58a2479cb3a9b14affa9c1ca3549b1..3d86c7cda87e10d0c04e8ca54ea4ce199c6e8103 100644
--- a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
+++ b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
@@ -333,16 +333,6 @@ void ChromeResourceDispatcherHostDelegate::OnResponseStarted(
     }
   }
 
-  // We must send the content settings for the URL before sending response
-  // headers to the renderer.
-  const content::ResourceContext& resource_context = filter->resource_context();
-  ProfileIOData* io_data =
-      reinterpret_cast<ProfileIOData*>(resource_context.GetUserData(NULL));
-  HostContentSettingsMap* map = io_data->GetHostContentSettingsMap();
-  filter->Send(new ChromeViewMsg_SetContentSettingsForLoadingURL(
-      info->route_id(), request->url(),
-      map->GetContentSettings(request->url())));
-
   // See if the response contains the X-Auto-Login header.  If so, this was
   // a request for a login page, and the server is allowing the browser to
   // suggest auto-login, if available.