[Origin Policy] Change request header default to "0".

Change the client header announcing OP capability to use the value "0". This
is meant to mitigate an apparently reasonably common bug where the header value
is blindly copied into the request (as observed in the referenced bug).

Bug: 751996, 901477
Change-Id: I85c67cfdad3d15fc8e76e62bf1f84323faa1f790
Reviewed-on: https://chromium-review.googlesource.com/c/1328982Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607246}

content/browser/frame_host/origin_policy_throttle.cc

@@ -22,7 +22,7 @@
 
 namespace {
 // Constants derived from the spec, https://github.com/WICG/origin-policy
-static const char* kDefaultPolicy = "1";
+static const char* kDefaultPolicy = "0";
 static const char* kDeletePolicy = "0";
 static const char* kWellKnown = "/.well-known/origin-policy/";
 

content/browser/frame_host/origin_policy_throttle_unittest.cc

@@ -41,7 +41,7 @@ class OriginPolicyThrottleTest : public RenderViewHostTestHarness,
   void CreateHandleFor(const GURL& url) {
     net::HttpRequestHeaders headers;
     if (OriginPolicyThrottle::ShouldRequestOriginPolicy(url, nullptr))
-      headers.SetHeader(net::HttpRequestHeaders::kSecOriginPolicy, "1");
+      headers.SetHeader(net::HttpRequestHeaders::kSecOriginPolicy, "0");
 
     // Except for url and headers (which are determined by the test case)
     // all parameters below are cargo-culted from
@@ -101,7 +101,7 @@ TEST_P(OriginPolicyThrottleTest, ShouldRequestLastKnownVersion) {
   std::string version;
 
   OriginPolicyThrottle::ShouldRequestOriginPolicy(url, &version);
-  EXPECT_EQ(version, "1");
+  EXPECT_EQ(version, "0");
 
   OriginPolicyThrottle::GetKnownVersionsForTesting()[url::Origin::Create(url)] =
       "abcd";