Improve handling of CORS redirects for some resource loads.

LayoutTests/http/tests/security/script-crossorigin-redirect-credentials.html

+<!DOCTYPE HTML>
+<script src="/js-test-resources/js-test.js"></script>
+<script>
+description("Testing the handling of CORS-enabled script fetch in the presence of 'credentialled' redirects.");
+
+// Explain the short form descriptions ('=>' representing the redirect.)
+debug("PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'");
+debug("");
+
+var redirect_cors = "use-credentials";
+
+window.jsTestIsAsync = true;
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+function finish() {
+    if (window.testRunner)
+        finishJSTest();
+}
+
+function fail() {
+    debug("FAIL: " + this.description);
+    runNextTest();
+}
+
+function pass() {
+    debug("PASS: " + this.description);
+    runNextTest();
+}
+
+var tests = [
+    { description: "Anonymous request: credentialled => no-CORS script resource.",
+      url: "http://localhost:8000/security/resources/localScript.js",
+      // Redirect is allowed, but fails access check on the non-CORS resource.
+      success: false,
+      access: "anonymous"},
+    { description: "Anonymous request: credentialled => anonymous CORS script resource (same origin.)",
+      url: "http://localhost:8000/security/resources/script-allow-star.php",
+      // Redirect is allowed, as is access to the anonymous CORS resource.
+      success: true,
+      access: "anonymous"},
+    { description: "Anonymous request: credentialled => anonymous CORS script resource (cross origin.)",
+      url: "http://localhost:8080/security/resources/script-allow-star.php",
+      // Redirect is allowed, as is access (with origin 'null') to the CORS resource.
+      success: true,
+      access: "anonymous"},
+    { description: "Credentialled request: credentialled => credentialled-CORS script resource (same origin.)",
+      url: "http://localhost:8000/security/resources/script-allow-credentials.php",
+      // Redirect is allowed, as is access (with original origin) to the CORS resource.
+      success: true,
+      access: "use-credentials"},
+    { description: "Credentialled request: credentialled => credentialled-CORS script resource (cross origin.)",
+      url: "http://127.0.0.1:8000/security/resources/script-allow-credentials.php",
+      // Redirect is allowed, source origin mutates to 'null', so credentialled resource not accessible.
+      success: false,
+      access: "use-credentials"},
+    { description: "Credentialled request: credentialled => anonymous-CORS script resource (same origin.)",
+      url: "http://localhost:8000/security/resources/script-allow-star.php",
+      // Redirect is allowed, but anonymous resource with * as allowed origins is not accessible.
+      success: false,
+      access: "use-credentials"},
+    { description: "Credentialled request: credentialled => anonymous-CORS script resource (cross origin.)",
+      url: "http://127.0.0.1:8000/security/resources/script-allow-star.php",
+      // Redirect is allowed, source origin mutates to 'null', so anonymous resource with * as allowed origins is not accessible.
+      success: false,
+      access: "use-credentials"},
+    ];
+
+function runNextTest() {
+    if (!tests.length) {
+        finish();
+        return;
+    }
+    var test = tests.shift();
+    var script = document.createElement("script");
+    script.onload = test.success ? pass : fail;
+    script.onerror = test.success ? fail : pass;
+    script.crossOrigin = test.access;
+    script.description = test.description;
+    var args = [ "mode=" + redirect_cors,
+                 "url=" + test.url];
+    script.src = "http://localhost:8000/security/resources/cors-redirect.php?" + args.join("&");
+    document.body.appendChild(script);
+}
+window.onload = runNextTest;
+</script>