Enabled CORS for chrome://resources.

content/browser/webui/shared_resources_data_source.cc

Index: content/browser/webui/shared_resources_data_source.cc
diff --git a/content/browser/webui/shared_resources_data_source.cc b/content/browser/webui/shared_resources_data_source.cc
index 09711d98aa3dd0fe74f5f44afb92efaabc697861..2ce6e147b098dc598f75b2d7e0577de0256f26cb 100644
--- a/content/browser/webui/shared_resources_data_source.cc
+++ b/content/browser/webui/shared_resources_data_source.cc
@@ -89,3 +89,17 @@ std::string SharedResourcesDataSource::GetMimeType(
   net::GetMimeTypeFromFile(base::FilePath().AppendASCII(path), &mime_type);
   return mime_type;
 }
+
+std::string
+SharedResourcesDataSource::GetAccessControlAllowOriginForOrigin(
+    const std::string& origin) const {
+  // For now we give access only for "chrome://*" origins.
+  // According to CORS spec, Access-Control-Allow-Origin header doesn't support
+  // wildcards, so we need to set its value explicitly by passing the |origin|
+  // back.
+  std::string allowed_origin_prefix = content::kChromeUIScheme;
+  allowed_origin_prefix += "://";
+  if (origin.find(allowed_origin_prefix) != 0)
+    return "none";
+  return origin;
+}