Preserve custom headers when following cross-origin redirects.

third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
index f7f1622aab03358c717827a354bdc4b488b71504..56d92e96bc6ff124dc6683f94eb0a08ecfb796c7 100644
--- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
@@ -199,21 +199,12 @@ void DocumentThreadableLoader::start(const ResourceRequest& request) {
 
   m_requestStartedSeconds = monotonicallyIncreasingTime();
 
-  // Save any CORS simple headers on the request here. If this request redirects
+  // Save any headers on the request here. If this request redirects
   // cross-origin, we cancel the old request create a new one, and copy these
   // headers.
   const HTTPHeaderMap& headerMap = request.httpHeaderFields();

[yhirano, 2016/11/07 12:30:50]

m_requestHeaders = request.httpHeaderFields();

[Jack Bates, 2016/11/12 21:13:30]

Done.

   for (const auto& header : headerMap) {
-    if (FetchUtils::isSimpleHeader(header.key, header.value)) {
-      m_simpleRequestHeaders.add(header.key, header.value);
-    } else if (equalIgnoringCase(header.key, HTTPNames::Range) &&
-               m_options.crossOriginRequestPolicy == UseAccessControl &&
-               m_options.preflightPolicy == PreventPreflight) {
-      // Allow an exception for the "range" header for when CORS callers request
-      // no preflight, this ensures cross-origin redirects work correctly for
-      // crossOrigin enabled WebURLRequest::RequestContextVideo type requests.
-      m_simpleRequestHeaders.add(header.key, header.value);
-    }
+    m_requestHeaders.add(header.key, header.value);
   }
 
   // DocumentThreadableLoader is used by all javascript initiated fetch, so we
@@ -644,7 +635,7 @@ bool DocumentThreadableLoader::redirectReceived(
   crossOriginRequest.clearHTTPUserAgent();
   // Add any CORS simple request headers which we previously saved from the
   // original request.
-  for (const auto& header : m_simpleRequestHeaders)
+  for (const auto& header : m_requestHeaders)
     crossOriginRequest.setHTTPHeaderField(header.key, header.value);
   makeCrossOriginAccessRequest(crossOriginRequest);