Refactor nonce support.

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-reportonly-allowed.php

Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-reportonly-allowed.php
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-reportonly-allowed.php b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-reportonly-allowed.php
new file mode 100644
index 0000000000000000000000000000000000000000..5d0624d6cd7867dfd9bbd9977a251cfe42ce8835
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/script-reportonly-allowed.php
@@ -0,0 +1,20 @@
+<?php
+    header("Content-Security-Policy-Report-Only: script-src 'self' 'nonce-abc'");
+?>
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script nonce="abc">
+    async_test(t => {
+        var watcher = new EventWatcher(t, document, 'securitypolicyviolation');
+        watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
+            assert_equals(e.blockedURI, "inline");
+            assert_equals(e.lineNumber, 15);
+        }));
+    }, "Unnonced script blocks generate reports.");
+
+    var executed_test = async_test("Unnonced script blocks execute.");
+</script>
+<script>
+    executed_test.done();
+</script>

[estark, 2016/06/02 19:52:37]

Perhaps this should also test that "mis-nonced" script blocks also generate
reports? (i.e. a similar test but for a script block that has a nonce that
doesn't appear in the policy)

[Mike West, 2016/06/04 06:30:56]

I added a number of new tests for scripts and styles. Thanks!