Implementation of W3C compliant CSP script-src nonce.

Source/core/loader/ResourceLoaderOptions.h

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 42 matching lines @@
 enum ClientCrossOriginCredentialPolicy {
     AskClientForCrossOriginCredentials,
     DoNotAskClientForCrossOriginCredentials
 };
 
 enum SecurityCheckPolicy {
     SkipSecurityCheck,
     DoSecurityCheck
 };
 
+enum ContentSecurityPolicyCheck {
+    CheckContentSecurityPolicy,
+    DoNotCheckContentSecurityPolicy
+};
+
 struct ResourceLoaderOptions {
     ResourceLoaderOptions()
         : sendLoadCallbacks(DoNotSendCallbacks)
         , sniffContent(DoNotSniffContent)
         , dataBufferingPolicy(BufferData)
         , allowCredentials(DoNotAllowStoredCredentials)
         , credentialsRequested(ClientDidNotRequestCredentials)
         , crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials)
-        , securityCheck(DoSecurityCheck) { }
+        , securityCheck(DoSecurityCheck)
+        , cspCheck(CheckContentSecurityPolicy) { }
 
     ResourceLoaderOptions(
         SendCallbackPolicy sendLoadCallbacks,
         ContentSniffingPolicy sniffContent,
         DataBufferingPolicy dataBufferingPolicy,
         StoredCredentials allowCredentials,
         CredentialRequest credentialsRequested,
         ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy,
-        SecurityCheckPolicy securityCheck)
+        SecurityCheckPolicy securityCheck,
+        ContentSecurityPolicyCheck cspCheck)
         : sendLoadCallbacks(sendLoadCallbacks)
         , sniffContent(sniffContent)
         , dataBufferingPolicy(dataBufferingPolicy)
         , allowCredentials(allowCredentials)
         , credentialsRequested(credentialsRequested)
         , crossOriginCredentialPolicy(crossOriginCredentialPolicy)
         , securityCheck(securityCheck)
+        , cspCheck(cspCheck)
     {
     }
     SendCallbackPolicy sendLoadCallbacks;
     ContentSniffingPolicy sniffContent;
     DataBufferingPolicy dataBufferingPolicy;
     StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
     CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
     ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
     SecurityCheckPolicy securityCheck;
+    ContentSecurityPolicyCheck cspCheck;

[abarth-chromium, 2013/05/16 21:09:16]

cspCheck -> contentSecurityPolicyOption

We prefer to use complete words in variable names.  Usually we'd call this sort
of thing a "policy", but that doesn't read so well because "content security
policy" ends with the word policy.  "Check" doesn't mean anything, so "option"
is probably the next best option.

[jww, 2013/05/16 21:37:46]

Done.

 };
 
 } // namespace WebCore    
 
 #endif // ResourceLoaderOptions_h