[web_engine] Use standard CORS header exemption list.

Configures the NetworkContext to permit CORS requests with headers
"Purpose" or "X-Requested-With" headers. These headers are safe and
used for resource preloading and CSRF blocking, respectively.

Previously, the Chromium netstack would block resources from loading if
either of these headers were set.

Bug: 1011905
Change-Id: I994ad2adddca5d00226e603b37c87d57cca69e1b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1846013Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#703479}

fuchsia/engine/browser/web_engine_content_browser_client.cc

@@ -10,7 +10,9 @@
 
 #include "base/stl_util.h"
 #include "components/version_info/version_info.h"
+#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/devtools_manager_delegate.h"
+#include "content/public/browser/network_service_instance.h"
 #include "content/public/common/user_agent.h"
 #include "content/public/common/web_preferences.h"
 #include "fuchsia/engine/browser/url_request_rewrite_rules_manager.h"
@@ -20,6 +22,7 @@
 #include "fuchsia/engine/common/web_engine_content_client.h"
 #include "fuchsia/engine/common/web_engine_url_loader_throttle.h"
 #include "fuchsia/engine/switches.h"
+#include "services/network/public/mojom/network_service.mojom.h"
 
 namespace {
 
@@ -166,3 +169,24 @@ WebEngineContentBrowserClient::CreateURLLoaderThrottles(
       UrlRequestRewriteRulesManager::ForFrameTreeNodeId(frame_tree_node_id)));
   return throttles;
 }
+
+mojo::Remote<network::mojom::NetworkContext>
+WebEngineContentBrowserClient::CreateNetworkContext(
+    content::BrowserContext* context,
+    bool in_memory,
+    const base::FilePath& relative_partition_path) {
+  // Same as ContentBrowserClient::CreateNetworkContext().
+  mojo::Remote<network::mojom::NetworkContext> network_context;
+  network::mojom::NetworkContextParamsPtr context_params =
+      network::mojom::NetworkContextParams::New();
+  context_params->user_agent = GetUserAgent();
+  context_params->accept_language = "en-us,en";
+
+  // Whitelist some headers to be used for CORS requests, e.g. for resource
+  // prefetching.
+  content::UpdateCorsExemptHeader(context_params.get());
+
+  content::GetNetworkService()->CreateNetworkContext(
+      network_context.BindNewPipeAndPassReceiver(), std::move(context_params));
+  return network_context;
+}

fuchsia/engine/browser/web_engine_content_browser_client.h

@@ -10,6 +10,7 @@
 #include <fuchsia/web/cpp/fidl.h>
 #include <memory>
 #include <string>
+#include <vector>
 
 #include "base/macros.h"
 #include "content/public/browser/content_browser_client.h"
@@ -55,6 +56,10 @@ class WebEngineContentBrowserClient : public content::ContentBrowserClient {
       const base::RepeatingCallback<content::WebContents*()>& wc_getter,
       content::NavigationUIData* navigation_ui_data,
       int frame_tree_node_id) final;
+  mojo::Remote<network::mojom::NetworkContext> CreateNetworkContext(
+      content::BrowserContext* context,
+      bool in_memory,
+      const base::FilePath& relative_partition_path) override;
 
  private:
   fidl::InterfaceRequest<fuchsia::web::Context> request_;