WebKit merge 41660:41709 (WebKit side)....

third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp

Index: third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp
===================================================================
--- third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp	(revision 11711)
+++ third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp	(working copy)
@@ -36,12 +36,15 @@
 
 bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name)
 {
-    return equalIgnoringCase(name, "accept") || equalIgnoringCase(name, "accept-language") || equalIgnoringCase(name, "content-type");
+    return equalIgnoringCase(name, "accept")
+            || equalIgnoringCase(name, "accept-language")
+            || equalIgnoringCase(name, "content-language")
+            || equalIgnoringCase(name, "content-type");
 }
 
 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap)
 {
-    if (method != "GET" && method != "POST")
+    if (method != "GET" && method != "HEAD" && method != "POST")
         return false;
 
     HTTPHeaderMap::const_iterator end = headerMap.end();
@@ -50,6 +53,15 @@
             return false;
     }
 
+    HTTPHeaderMap::const_iterator contentTypeIter = headerMap.find("Content-Type");
+    if (contentTypeIter != headerMap.end()) {
+        const String& contentType = contentTypeIter->second;
+        if (!equalIgnoringCase(contentType, "application/x-www-form-urlencoded")
+             && !equalIgnoringCase(contentType, "multipart/form-data")
+             && !equalIgnoringCase(contentType, "text/plain"))
+            return false;
+    }
+
     return true;
 }