OOR-CORS: Remove cross-origin redirect support for BlinkCORS

ThrottlingURLLoader has a cross-origin redirect supporting code
for BlinkCORS as the redirect can be permitted by the BlinkCORS
checks. As OOR-CORS is fully enabled, this is not needed any more.

Bug: 1001450, 1053866
Change-Id: Ide21bae90f058bbbfe08dd0014526681c2e09a76
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2395477
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#804723}

third_party/blink/common/loader/throttling_url_loader.cc

@@ -510,23 +510,6 @@ void ThrottlingURLLoader::StartNow() {
         net::HTTP_TEMPORARY_REDIRECT,
         throttle_will_start_redirect_url_.spec().c_str());
 
-    // This is only needed when CORS is running in the renderer.
-    // TODO(crbug.com/1001450): Remove following code once OOR-CORS is fully
-    // enabled.
-    std::string http_origin;
-    if (start_info_->url_request.headers.GetHeader("Origin", &http_origin)) {
-      // If this redirect is used in a cross-origin request, add CORS headers
-      // to make sure that the redirect gets through. Note that the
-      // destination URL is still subject to the usual CORS policy, i.e. the
-      // resource will only be available to web pages if the server serves the
-      // response with the required CORS response headers.
-      header_string += base::StringPrintf(
-          "\n"
-          "Access-Control-Allow-Origin: %s\n"
-          "Access-Control-Allow-Credentials: true",
-          http_origin.c_str());
-    }
-
     response_head->headers = base::MakeRefCounted<net::HttpResponseHeaders>(
         net::HttpUtil::AssembleRawHeaders(header_string));
     response_head->encoded_data_length = header_string.size();