Add CORS headers to URLRequestRedirectJob.

net/url_request/url_request_redirect_job.cc

Index: net/url_request/url_request_redirect_job.cc
diff --git a/net/url_request/url_request_redirect_job.cc b/net/url_request/url_request_redirect_job.cc
index 15ebdcdf1c098afbc165eba8a0cc9088f263e030..dbcdb5a8b84db63c1ff7060b64d03f820f6649fd 100644
--- a/net/url_request/url_request_redirect_job.cc
+++ b/net/url_request/url_request_redirect_job.cc
@@ -89,6 +89,23 @@ void URLRequestRedirectJob::StartAsync() {
                          response_code_,
                          redirect_destination_.spec().c_str(),
                          redirect_reason_.c_str());
+
+  std::string http_origin;
+  const net::HttpRequestHeaders& request_headers =
+      request_->extra_request_headers();
+  if (request_headers.GetHeader("Origin", &http_origin)) {
+    // If this redirect is used in a cross-origin request, add CORS headers to
+    // make sure that the redirect gets through. Note that the destination URL
+    // is still subject to the usual CORS policy, i.e. the resource will only
+    // be available to web pages if the server serves the response with the
+    // required CORS response headers.
+    header_string += base::StringPrintf(
+        "\n"
+        "Access-Control-Allow-Origin: %s\n"
+        "Access-Control-Allow-Credentials: true",
+        http_origin.c_str());
+  }
+
   fake_headers_ = new HttpResponseHeaders(
       HttpUtil::AssembleRawHeaders(header_string.c_str(),
                                    header_string.length()));