Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad…

Source/core/loader/CrossOriginAccessControl.cpp

Index: Source/core/loader/CrossOriginAccessControl.cpp
diff --git a/Source/core/loader/CrossOriginAccessControl.cpp b/Source/core/loader/CrossOriginAccessControl.cpp
index e77bf5db6299552e9fa4cb622ba05f6cd52566a9..ab10766a782e96efa2b4cd58b8047430f3858120 100644
--- a/Source/core/loader/CrossOriginAccessControl.cpp
+++ b/Source/core/loader/CrossOriginAccessControl.cpp
@@ -101,7 +101,9 @@ void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* sec
 {
     request.removeCredentials();
     request.setAllowCookies(allowCredentials == AllowStoredCredentials);
-    request.setHTTPOrigin(securityOrigin->toString());
+
+    if (securityOrigin)
+        request.setHTTPOrigin(securityOrigin->toString());
 }
 
 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)