Leave out empty-valued Access-Control-Request-Headers: on preflights.

third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp

Index: third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp
diff --git a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp
index 744bd0f4332ba71861e82b554ab1e27f6577c0d1..9ce090060c52b38fd310750cb354875576e9a110 100644
--- a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp
+++ b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp
@@ -48,7 +48,11 @@ TEST_F(CreateAccessControlPreflightRequestTest, ExcludeSimpleHeaders) {
   ResourceRequest preflight =
       createAccessControlPreflightRequest(request, m_securityOrigin.get());
 
-  EXPECT_EQ("", preflight.httpHeaderField("Access-Control-Request-Headers"));
+  // Do not emit empty-valued headers; an empty list of non-"CORS safelisted"
+  // request headers should cause "Access-Control-Request-Headers:" to be
+  // left out in the preflight request.
+  EXPECT_EQ(nullAtom,
+            preflight.httpHeaderField("Access-Control-Request-Headers"));
 }
 
 TEST_F(CreateAccessControlPreflightRequestTest,
@@ -59,7 +63,9 @@ TEST_F(CreateAccessControlPreflightRequestTest,
   ResourceRequest preflight =
       createAccessControlPreflightRequest(request, m_securityOrigin.get());
 
-  EXPECT_EQ("", preflight.httpHeaderField("Access-Control-Request-Headers"));
+  // Empty list also; see comment in test above.
+  EXPECT_EQ(nullAtom,
+            preflight.httpHeaderField("Access-Control-Request-Headers"));
 }
 
 TEST_F(CreateAccessControlPreflightRequestTest, IncludeNonSimpleHeader) {