Make net::HttpRequestHeaders::AddHeadersFromString split on NL

net/http/http_request_headers.h

Index: net/http/http_request_headers.h
diff --git a/net/http/http_request_headers.h b/net/http/http_request_headers.h
index 62ec37cab9f4f759df67b7ebaf971f69abcb6555..946a47e03f944a73afc6924cd316d7dfb391e600 100644
--- a/net/http/http_request_headers.h
+++ b/net/http/http_request_headers.h
@@ -112,7 +112,8 @@ class NET_EXPORT HttpRequestHeaders {
   void RemoveHeader(const base::StringPiece& key);
 
   // Parses the header from a string and calls SetHeader() with it.  This string
-  // should not contain any CRLF.  As per RFC7230 Section 3.2, the format is:
+  // should not contain any CRLF.  Individual CR and LF are also prohibited.
+  // As per RFC7230 Section 3.2, the format is:
   //
   // header-field   = field-name ":" OWS field-value OWS
   //
@@ -131,7 +132,9 @@ class NET_EXPORT HttpRequestHeaders {
 
   // Same thing as AddHeaderFromString() except that |headers| is a "\r\n"
   // delimited string of header lines.  It will split up the string by "\r\n"
-  // and call AddHeaderFromString() on each.
+  // and call AddHeaderFromString() on each.  Individual "\r" and "\n" are also
+  // treated as delimeters, to protect against "header smuggling", but callers
+  // should always use "\r\n" as the delimiter.
   void AddHeadersFromString(const base::StringPiece& headers);
 
   // Calls SetHeader() on each header from |other|, maintaining order.