Add CSP header for resources with an active policy

LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html

Index: LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html
diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html b/LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html
new file mode 100644
index 0000000000000000000000000000000000000000..615af49eaaea151c84f628b6e2470c72aa249fb4
--- /dev/null
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <meta http-equiv="Content-Security-Policy" content="script-src http://127.0.0.1:8000/">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- This sets 'script_loaded' to true if the CSP header is present. -->

[Mike West, 2015/03/20 14:53:54]

Nit: Can you add a negative test as well, verifying that we don't send the
header when we don't have to?

[estark, 2015/03/20 20:27:52]

csp-header-is-sent.js already sends an XHR and checks that the header is not
sent on that request; is that what you mean?

I think I'm going to go ahead and commit because I think that kind of test is
what you're looking for, but if it isn't, then let me know and I'll add another
test in a follow-up CL.

[Mike West, 2015/03/21 11:33:39]

You're right. I should have looked more carefully at the js file. Thanks, and
LGTM. :)

+    <script src="resources/test-csp-header.pl"></script>
+    <script src="resources/csp-header-is-sent.js"></script>
+</head>
+<body>
+</body>
+</html>