Include the Origin header for XHR and Fetch API even if the request is same-origin

third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html

Index: third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html
index aac852c321174d7d978d06ab4400e4beb82db399..abcf0bada2b34e35677c81a52874a179d1aadadc 100644
--- a/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html
+++ b/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/xhr-to-blob-in-isolated-world.html
@@ -6,8 +6,16 @@ if (!window.testRunner) {
     document.body.appendChild(document.createTextNode("This test requires window.testRunner"));
 } else {
     testRunner.dumpAsText();
-    testRunner.setIsolatedWorldSecurityOrigin(1, "chrome-extension://123");
-    testRunner.evaluateScriptInIsolatedWorld(1, "var xhr = new XMLHttpRequest(); xhr.open('GET', 'blob:chrome-extension://123/456789', false); xhr.send();");
+    // We're using a fake HTTP URL instead of chrome-extension: URL which is
+    // the most common use case of isolated world. This is because the
+    // ResourceDispatcherHostImpl validates Origin headers received from a
+    // renderer by consulting the ChildProcessSecurityPolicyImpl, and it
+    // doesn't allow the chrome-extension scheme in the content_shell. Instead
+    // of adding more test infrastructure for allowing the scheme, we chose to
+    // use the safe HTTP scheme as it's sufficient for the purpose of this test
+    // case.
+    testRunner.setIsolatedWorldSecurityOrigin(1, "http://123");
+    testRunner.evaluateScriptInIsolatedWorld(1, "var xhr = new XMLHttpRequest(); xhr.open('GET', 'blob:http://123/456789', false); xhr.send();");
 }
 </script>
 </body>