Add a X-Requested-With header to URL requests for PPAPI Flash (only).

content/renderer/render_frame_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_frame_impl.h"
 
 #include <map>
 #include <string>
 
 #include "base/auto_reset.h"
@@ skipping 2504 matching lines @@
           request.firstPartyForCookies(),
           &new_url)) {
     request.setURL(WebURL(new_url));
   }
 
   if (internal_data->is_cache_policy_override_set())
     request.setCachePolicy(internal_data->cache_policy_override());
 
   // The request's extra data may indicate that we should set a custom user
   // agent. This needs to be done here, after WebKit is through with setting the
-  // user agent on its own.
+  // user agent on its own. Similarly, it may indicate that we should set an
+  // X-Requested-With header. This must be done here to avoid breaking CORS
+  // checks.
   WebString custom_user_agent;
+  WebString requested_with;
   if (request.extraData()) {
     RequestExtraData* old_extra_data =
-        static_cast<RequestExtraData*>(
-            request.extraData());
+        static_cast<RequestExtraData*>(request.extraData());
+
     custom_user_agent = old_extra_data->custom_user_agent();
-
     if (!custom_user_agent.isNull()) {
       if (custom_user_agent.isEmpty())
         request.clearHTTPHeaderField("User-Agent");
       else
         request.setHTTPHeaderField("User-Agent", custom_user_agent);
     }
+
+    requested_with = old_extra_data->requested_with();
+    if (!requested_with.isNull()) {
+      if (requested_with.isEmpty())
+        request.clearHTTPHeaderField("X-Requested-With");
+      else
+        request.setHTTPHeaderField("X-Requested-With", requested_with);
+    }
   }
 
   // Add the default accept header for frame request if it has not been set
   // already.
   if ((request.frameType() == blink::WebURLRequest::FrameTypeTopLevel ||
        request.frameType() == blink::WebURLRequest::FrameTypeNested) &&
       request.httpHeaderField(WebString::fromUTF8(kAcceptHeader)).isEmpty()) {
     request.setHTTPHeaderField(WebString::fromUTF8(kAcceptHeader),
                                WebString::fromUTF8(kDefaultAcceptHeader));
   }
@@ skipping 42 matching lines @@
     parent_routing_id = -1;
   } else if (parent->isWebLocalFrame()) {
     parent_routing_id = FromWebFrame(parent)->GetRoutingID();
   } else {
     parent_routing_id = RenderFrameProxy::FromWebFrame(parent)->routing_id();
   }
 
   RequestExtraData* extra_data = new RequestExtraData();
   extra_data->set_visibility_state(render_view_->visibilityState());
   extra_data->set_custom_user_agent(custom_user_agent);
+  extra_data->set_requested_with(requested_with);
   extra_data->set_render_frame_id(routing_id_);
   extra_data->set_is_main_frame(frame == top_frame);
   extra_data->set_frame_origin(
       GURL(frame->document().securityOrigin().toString()));
   extra_data->set_parent_is_main_frame(frame->parent() == top_frame);
   extra_data->set_parent_render_frame_id(parent_routing_id);
   extra_data->set_allow_download(navigation_state->allow_download());
   extra_data->set_transition_type(transition_type);
   extra_data->set_should_replace_current_entry(should_replace_current_entry);
   extra_data->set_transferred_request_child_id(
@@ skipping 1108 matching lines @@
 
 #if defined(ENABLE_BROWSER_CDMS)
 RendererCdmManager* RenderFrameImpl::GetCdmManager() {
   if (!cdm_manager_)
     cdm_manager_ = new RendererCdmManager(this);
   return cdm_manager_;
 }
 #endif  // defined(ENABLE_BROWSER_CDMS)
 
 }  // namespace content