Index: content/browser/webui/url_data_manager_backend.cc |
diff --git a/content/browser/webui/url_data_manager_backend.cc b/content/browser/webui/url_data_manager_backend.cc |
index cda08bbda0d2e0f596df81a6eccebd6f7cd2c56f..f4ac9f1e1aea09d04d3d4a39beb88fa0642750f5 100644 |
--- a/content/browser/webui/url_data_manager_backend.cc |
+++ b/content/browser/webui/url_data_manager_backend.cc |
@@ -271,6 +271,8 @@ void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) { |
// indistiguishable from other error types. Instant relies on getting a 200. |
info->headers = new net::HttpResponseHeaders("HTTP/1.1 200 OK"); |
+ info->headers->AddHeader("Access-Control-Allow-Origin: *"); |
dglazkov
2014/09/29 17:01:21
Is '*' really what you want here?
dzhioev (left Google)
2014/09/29 17:32:11
It seems 'Access-Control-Allow-Origin' can be eith
|
+ |
// Determine the least-privileged content security policy header, if any, |
// that is compatible with a given WebUI URL, and append it to the existing |
// response headers. |