Set credentials mode "same-origin" when crossOrigin=anonymous is set.

third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp

Index: third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp
diff --git a/third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp b/third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp
index 288674f555af020f8721f50ac47c608c0fd2243f..e270b33140f3d9eb89dc3008af5b502d98f8b008 100644
--- a/third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp
+++ b/third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp
@@ -7,6 +7,7 @@
 
 #include "core/dom/Document.h"
 #include "core/fetch/FetchInitiatorInfo.h"
+#include "platform/CrossOriginAttributeValue.h"
 
 namespace blink {
 
@@ -37,15 +38,10 @@ FetchRequest PreloadRequest::resourceRequest(Document* document)
 
     if (m_resourceType == Resource::ImportResource) {
         SecurityOrigin* securityOrigin = document->contextDocument()->securityOrigin();
-        bool sameOrigin = securityOrigin->canRequest(request.url());
-        request.setCrossOriginAccessControl(securityOrigin,
-            sameOrigin ? AllowStoredCredentials : DoNotAllowStoredCredentials,
-            ClientDidNotRequestCredentials);
+        request.setCrossOriginAccessControl(securityOrigin, CrossOriginAttributeAnonymous);
     }
-
-    if (m_isCORSEnabled)
-        request.setCrossOriginAccessControl(document->securityOrigin(), m_allowCredentials);
-
+    if (m_crossOrigin != CrossOriginAttributeNotSet)
+        request.setCrossOriginAccessControl(document->securityOrigin(), m_crossOrigin);
     request.setDefer(m_defer);
     request.setResourceWidth(m_resourceWidth);
     request.clientHintsPreferences().updateFrom(m_clientHintsPreferences);