Add suggestion to use "no-cors" with Fetch fails CORS check.

Source/core/fetch/CrossOriginAccessControl.cpp

 /*
  * Copyright (C) 2008 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 140 matching lines @@
             errorDescription = buildAccessControlFailureMessage("A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.", securityOrigin);
             return false;
         }
     } else if (allowOriginHeaderValue != securityOrigin->toAtomicString()) {
         if (allowOriginHeaderValue.isNull()) {
             errorDescription = buildAccessControlFailureMessage("No 'Access-Control-Allow-Origin' header is present on the requested resource.", securityOrigin);
 
             if (isInterestingStatusCode(statusCode))
                 errorDescription.append(" The response had HTTP status code " + String::number(statusCode) + ".");
 
+            errorDescription.append(" Alternatively, if you want an opaque response, switch to The Fetch API in 'no-cors' mode.");

[hiroshige, 2015/08/28 08:24:23]

nit: s/The Fetch API/the Fetch API/

+
             return false;
         }
 
         String detail;
         if (allowOriginHeaderValue.string().find(isOriginSeparator, 0) != kNotFound) {
             detail = "The 'Access-Control-Allow-Origin' header contains multiple values '" + allowOriginHeaderValue + "', but only one is allowed.";
         } else {
             KURL headerOrigin(KURL(), allowOriginHeaderValue);
             if (!headerOrigin.isValid())
                 detail = "The 'Access-Control-Allow-Origin' header contains the invalid value '" + allowOriginHeaderValue + "'.";
             else
                 detail = "The 'Access-Control-Allow-Origin' header has a value '" + allowOriginHeaderValue + "' that is not equal to the supplied origin.";
         }
         errorDescription = buildAccessControlFailureMessage(detail, securityOrigin);
+        errorDescription.append(" Either change the header, or, if you want an opaque response, use the Fetch API in 'no-cors' mode.");
         return false;
     }
 
     if (includeCredentials == AllowStoredCredentials) {
         const AtomicString& allowCredentialsHeaderValue = response.httpHeaderField(allowCredentialsHeaderName);
         if (allowCredentialsHeaderValue != "true") {
             errorDescription = buildAccessControlFailureMessage("Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is '" + allowCredentialsHeaderValue + "'. It must be 'true' to allow credentials.", securityOrigin);
             return false;
         }
     }
@@ skipping 84 matching lines @@
         newRequest.setHTTPOrigin(securityOrigin->toAtomicString());
         // If the user didn't request credentials in the first place, update our
         // state so we neither request them nor expect they must be allowed.
         if (options.credentialsRequested == ClientDidNotRequestCredentials)
             options.allowCredentials = DoNotAllowStoredCredentials;
     }
     return true;
 }
 
 } // namespace blink