More tweaks to <script nonce> hiding.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index 01a1cbdb8af34e576922d8e06e9fc31c11821e5f..5d0c7bfbefe330c0e72ffccf82066662ef06b67c 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -412,7 +412,6 @@ class CORE_EXPORT ContentSecurityPolicy
       SchemeRegistry::PolicyAreas = SchemeRegistry::kPolicyAreaAll);
 
   static bool IsNonceableElement(const Element*);
-  static const char* GetNonceReplacementString() { return "[Replaced]"; }
 
   // This method checks whether the request should be allowed for an
   // experimental EmbeddingCSP feature
@@ -431,6 +430,8 @@ class CORE_EXPORT ContentSecurityPolicy
 
   Document* GetDocument() const;
 
+  bool HasHeaderDeliveredPolicy() const { return header_delivered_; }
+
  private:
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline);
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy);
@@ -466,6 +467,7 @@ class CORE_EXPORT ContentSecurityPolicy
   bool override_inline_style_allowed_;
   CSPDirectiveListVector policies_;
   ConsoleMessageVector console_messages_;
+  bool header_delivered_{false};
 
   HashSet<unsigned, AlreadyHashed> violation_reports_sent_;