Set Origin header to "null" for cross origin redirects.

content/child/web_url_loader_impl.cc

Index: content/child/web_url_loader_impl.cc
diff --git a/content/child/web_url_loader_impl.cc b/content/child/web_url_loader_impl.cc
index e2cec70d33531e72ea4eb4d3a7a83f4120a9b233..5a595589341a241ed45bdc0c8821779e36e524d5 100644
--- a/content/child/web_url_loader_impl.cc
+++ b/content/child/web_url_loader_impl.cc
@@ -34,11 +34,13 @@
 #include "net/base/filename_util.h"
 #include "net/base/mime_util.h"
 #include "net/base/net_errors.h"
+#include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/url_request/redirect_info.h"
 #include "net/url_request/url_request_data_job.h"
 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"
+#include "third_party/WebKit/public/platform/WebString.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLError.h"
 #include "third_party/WebKit/public/platform/WebURLLoadTiming.h"
@@ -562,6 +564,14 @@ bool WebURLLoaderImpl::Context::OnReceivedRedirect(
   if (redirect_info.new_method == old_method)
     new_request.setHTTPBody(request_.httpBody());
 
+  // This is necessary to avoid laundering the Origin header across redirects,
+  // which would break some CSRF protections. See the comment in
+  // URLRequest::Redirect in //net/url_request.cc for more information.
+  WebString origin_header =
+      WebString::fromUTF8(net::HttpRequestHeaders::kOrigin);
+  new_request.setHTTPHeaderField(
+      origin_header, request_.httpHeaderField(origin_header));
+
   // Protect from deletion during call to willSendRequest.
   scoped_refptr<Context> protect(this);