HTML Imports: Send credentials for same origin requests

Source/core/html/imports/HTMLImportsController.cpp

Index: Source/core/html/imports/HTMLImportsController.cpp
diff --git a/Source/core/html/imports/HTMLImportsController.cpp b/Source/core/html/imports/HTMLImportsController.cpp
index 5120efab9f238d98c5e8b427941cc50ce361d808..daae5cb4ca3821294d4b0a357b912af9d9f51e3d 100644
--- a/Source/core/html/imports/HTMLImportsController.cpp
+++ b/Source/core/html/imports/HTMLImportsController.cpp
@@ -87,7 +87,10 @@ HTMLImportChild* HTMLImportsController::load(HTMLImport* parent, HTMLImportChild
         return child;
     }
 
-    request.setCrossOriginAccessControl(securityOrigin(), DoNotAllowStoredCredentials);
+    bool sameOriginRequest = securityOrigin()->canRequest(request.url());
+    request.setCrossOriginAccessControl(
+        securityOrigin(), sameOriginRequest ? AllowStoredCredentials : DoNotAllowStoredCredentials,
+        ClientDidNotRequestCredentials);
     ResourcePtr<RawResource> resource = parent->document()->fetcher()->fetchImport(request);
     if (!resource)
         return 0;