Save-Data should not be added to CORS Access-Control-Request-Headers

third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

Index: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp
diff --git a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp
index 672aebb6adf022d6309b0c385037d1fafb0a7101..2e5402146d758872cb21a33eed179c8f661def44 100644
--- a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp
+++ b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp
@@ -94,6 +94,12 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque
                 // Access-Control-Request-Headers header.
                 continue;
             }
+            if (equalIgnoringCase(header.key, "save-data")) {
+                // As a short-term fix, filter Save-Data out of
+                // Access-Control-Request-Headers header. Longer-term all simple
+                // headers should be filtered out as well.
+                continue;
+            }
             headers.append(header.key.lower());
         }
         std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);