Merge r5767 - Protect cookie headers from XHR...

Merge r5767 - Protect cookie headers from XHR

Add a flags to further control response header persistence.  We use this to
filter out Set-Cookie and Set-Cookie2 response headers from being forwarded to
the renderer.  This serves to prevent the renderer from having any access to
HttpOnly cookies, and it also prevents XMLHttpRequest consumers from being able
to read cookies in the HTTP response headers.  This is consistent with changes
made to Firefox and WebKit.

Patch by marius.schilder@gmail.com
R=deanm,darin
Review URL: http://codereview.chromium.org/11264
TBR=darin@chromium.org


Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=8529

[darin (slow to review), 2009-01-23 00:52:56]

LGTM