Implement script MIME restrictions for X-Content-Type-Options: nosniff for Workers

third_party/WebKit/Source/core/loader/resource/ScriptResource.cpp

Index: third_party/WebKit/Source/core/loader/resource/ScriptResource.cpp
diff --git a/third_party/WebKit/Source/core/loader/resource/ScriptResource.cpp b/third_party/WebKit/Source/core/loader/resource/ScriptResource.cpp
index 86d9f735399ecc53cef26e73357bfc1e57c83b19..d3be9db3a13ad3c429296b48aa9dbc0162ae9c9d 100644
--- a/third_party/WebKit/Source/core/loader/resource/ScriptResource.cpp
+++ b/third_party/WebKit/Source/core/loader/resource/ScriptResource.cpp
@@ -100,10 +100,13 @@ void ScriptResource::destroyDecodedDataForFailedRevalidation() {
   m_script = AtomicString();
 }
 
-bool ScriptResource::mimeTypeAllowedByNosniff() const {
-  return parseContentTypeOptionsHeader(response().httpHeaderField(
+// static
+bool ScriptResource::mimeTypeAllowedByNosniff(
+    const ResourceResponse& response) {
+  return parseContentTypeOptionsHeader(response.httpHeaderField(
              HTTPNames::X_Content_Type_Options)) != ContentTypeOptionsNosniff ||
-         MIMETypeRegistry::isSupportedJavaScriptMIMEType(httpContentType());
+         MIMETypeRegistry::isSupportedJavaScriptMIMEType(
+             response.httpContentType());
 }
 
 }  // namespace blink