CSP: Measure whether we can treat '<meta http-refresh>' as inline script.

third_party/WebKit/Source/core/loader/HttpEquiv.cpp

Index: third_party/WebKit/Source/core/loader/HttpEquiv.cpp
diff --git a/third_party/WebKit/Source/core/loader/HttpEquiv.cpp b/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
index 88453fb35eb87933f5cb1f4992f10f5481bd4232..083f1126735ed6cc8c394f1c2369997476808c48 100644
--- a/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
+++ b/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
@@ -78,6 +78,10 @@ void HttpEquiv::processHttpEquivDefaultStyle(Document& document, const AtomicStr
 
 void HttpEquiv::processHttpEquivRefresh(Document& document, const AtomicString& content)
 {
+    UseCounter::count(document, UseCounter::MetaRefresh);
+    if (!document.contentSecurityPolicy()->allowInlineScript(KURL(), "", OrdinalNumber(), "", ContentSecurityPolicy::SuppressReport))
+        UseCounter::count(document, UseCounter::MetaRefreshWhenCSPBlocksInlineScript);
+
     document.maybeHandleHttpRefresh(content, Document::HttpRefreshFromMetaTag);
 }
 
@@ -87,6 +91,10 @@ void HttpEquiv::processHttpEquivSetCookie(Document& document, const AtomicString
     if (!document.isHTMLDocument())
         return;
 
+    UseCounter::count(document, UseCounter::MetaSetCookie);
+    if (!document.contentSecurityPolicy()->allowInlineScript(KURL(), "", OrdinalNumber(), "", ContentSecurityPolicy::SuppressReport))
+        UseCounter::count(document, UseCounter::MetaSetCookieWhenCSPBlocksInlineScript);
+
     // Exception (for sandboxed documents) ignored.
     document.setCookie(content, IGNORE_EXCEPTION);
 }