Index: net/url_request/url_request_redirect_job.cc |
diff --git a/net/url_request/url_request_redirect_job.cc b/net/url_request/url_request_redirect_job.cc |
index 15ebdcdf1c098afbc165eba8a0cc9088f263e030..dbcdb5a8b84db63c1ff7060b64d03f820f6649fd 100644 |
--- a/net/url_request/url_request_redirect_job.cc |
+++ b/net/url_request/url_request_redirect_job.cc |
@@ -89,6 +89,23 @@ void URLRequestRedirectJob::StartAsync() { |
response_code_, |
redirect_destination_.spec().c_str(), |
redirect_reason_.c_str()); |
+ |
+ std::string http_origin; |
+ const net::HttpRequestHeaders& request_headers = |
+ request_->extra_request_headers(); |
+ if (request_headers.GetHeader("Origin", &http_origin)) { |
+ // If this redirect is used in a cross-origin request, add CORS headers to |
+ // make sure that the redirect gets through. Note that the destination URL |
+ // is still subject to the usual CORS policy, i.e. the resource will only |
+ // be available to web pages if the server serves the response with the |
+ // required CORS response headers. |
+ header_string += base::StringPrintf( |
+ "\n" |
+ "Access-Control-Allow-Origin: %s\n" |
+ "Access-Control-Allow-Credentials: true", |
+ http_origin.c_str()); |
+ } |
+ |
fake_headers_ = new HttpResponseHeaders( |
HttpUtil::AssembleRawHeaders(header_string.c_str(), |
header_string.length())); |