Fix SRI bypass by loading same resource twice in same origin.

third_party/WebKit/Source/core/fetch/ScriptResource.cpp

Index: third_party/WebKit/Source/core/fetch/ScriptResource.cpp
diff --git a/third_party/WebKit/Source/core/fetch/ScriptResource.cpp b/third_party/WebKit/Source/core/fetch/ScriptResource.cpp
index 686d4ac4b55ba0abace1d1225a85881083ec4603..74756eb8a952a3f160d823170449efd1b87b177b 100644
--- a/third_party/WebKit/Source/core/fetch/ScriptResource.cpp
+++ b/third_party/WebKit/Source/core/fetch/ScriptResource.cpp
@@ -48,7 +48,7 @@ ResourcePtr<ScriptResource> ScriptResource::fetch(FetchRequest& request, Resourc
 }
 
 ScriptResource::ScriptResource(const ResourceRequest& resourceRequest, const String& charset)
-    : TextResource(resourceRequest, Script, "application/javascript", charset), m_integrityChecked(false)
+    : TextResource(resourceRequest, Script, "application/javascript", charset), m_integrityDisposition(ScriptIntegrityDisposition::NotChecked)
 {
     DEFINE_STATIC_LOCAL(const AtomicString, acceptScript, ("*/*", AtomicString::ConstructFromLiteral));
 
@@ -118,6 +118,11 @@ bool ScriptResource::mimeTypeAllowedByNosniff() const
     return parseContentTypeOptionsHeader(m_response.httpHeaderField(HTTPNames::X_Content_Type_Options)) != ContentTypeOptionsNosniff || MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType());
 }
 
+void ScriptResource::setIntegrityDisposition(ScriptIntegrityDisposition disposition)
+{
+    ASSERT(disposition != ScriptIntegrityDisposition::NotChecked);
+    m_integrityDisposition = disposition;
+}
 bool ScriptResource::mustRefetchDueToIntegrityMetadata(const FetchRequest& request) const
 {
     if (request.integrityMetadata().isEmpty())