Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/nonces/scriptnonce-redirect.html 

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-noncynonce'"></meta>
    </head>
    <body>
        Script preloaded: <span id='preloaded'>UNKNOWN</span><br>
        <script nonce="noncynonce">
        if (window.internals) {
            var preloaded = internals.isPreloaded("../resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass.js");
            document.querySelector("#preloaded").innerText = preloaded ? "YES" : "NO";
        }
        </script>
        This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
        <script nonce='noncynonce' src='../resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass.js'></script>
        <script nonce="noncynonce">
        if (window.testRunner)
            testRunner.dumpAsText();
        </script>
    </body>
</html>