More tweaks to <script nonce> hiding.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
index 6ebc27712276f2c51f0802b69a8909b4925107cc..85aa6a8da9cffb913e81560bf720981d6c173b6e 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -94,9 +94,8 @@ bool CheckHeaderTypeMatches(
 }  // namespace
 
 bool ContentSecurityPolicy::IsNonceableElement(const Element* element) {
-  if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled() &&
-      isHTMLScriptElement(element)) {
-    if (toHTMLScriptElement(element)->nonce().IsNull())
+  if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled()) {
+    if (element->nonce().IsNull())
       return false;
   } else if (!element->FastHasAttribute(HTMLNames::nonceAttr)) {
     return false;
@@ -319,6 +318,9 @@ void ContentSecurityPolicy::AddPolicyFromHeaderValue(
     return;
   }
 
+  if (source == kContentSecurityPolicyHeaderSourceHTTP)
+    header_delivered_ = true;
+
   Vector<UChar> characters;
   header.AppendTo(characters);