Set "origin" header from ResourceRequest::RequestorOrigin

In BaseFetchContext, "origin" header is set from
 - FetchContext's security origin, or
 - the referrer string.

On the other hand,
https://fetch.spec.whatwg.org/#http-network-or-cache-fetch says:

  If the CORS flag is set, httpRequest’s method is neither `GET` nor
  `HEAD`, or httpRequest’s mode is "websocket", then append
  `Origin`/the result of serializing a request origin with
  httpRequest, to httpRequest’s header list.

This CL makes it a bit more spec conformant by setting the header based
on ResourceRequest::RequestorOrigin.

Bug: 914739
Change-Id: Ia911ca1f2efaf2be080d891b1258f87230d57f2d
Reviewed-on: https://chromium-review.googlesource.com/c/1388344
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#626889}

third_party/blink/renderer/core/loader/base_fetch_context.cc

@@ -113,15 +113,12 @@ void BaseFetchContext::AddAdditionalRequestHeaders(ResourceRequest& request) {
     // and store it elsewhere. See https://crbug.com/850813.
     request.SetHTTPReferrer(SecurityPolicy::GenerateReferrer(
         referrer_policy_to_use, request.Url(), referrer_to_use));
-    request.SetHTTPOriginIfNeeded(
-        fetch_client_settings_object.GetSecurityOrigin());
   } else {
     CHECK_EQ(
         SecurityPolicy::GenerateReferrer(request.GetReferrerPolicy(),
                                          request.Url(), request.HttpReferrer())
             .referrer,
         request.HttpReferrer());
-    request.SetHTTPOriginToMatchReferrerIfNeeded();
   }
 
   auto address_space = GetAddressSpace();

third_party/blink/renderer/core/loader/frame_fetch_context_test.cc

@@ -1101,7 +1101,6 @@ TEST_F(FrameFetchContextTest, AddAdditionalRequestHeadersWhenDetached) {
 
   GetFetchContext()->AddAdditionalRequestHeaders(request);
 
-  EXPECT_EQ(origin, request.HttpHeaderField(http_names::kOrigin));
   EXPECT_EQ(String(origin + "/"),
             request.HttpHeaderField(http_names::kReferer));
   EXPECT_EQ(String(), request.HttpHeaderField("Save-Data"));

third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc

@@ -884,7 +884,16 @@ Resource* ResourceFetcher::RequestResource(FetchParameters& params,
         properties_->GetFetchClientSettingsObject().GetSecurityOrigin());
   }
 
+  const ResourceType resource_type = factory.GetType();
+
+  if (!RuntimeEnabledFeatures::OutOfBlinkCorsEnabled() &&
+      resource_request.RequestorOrigin()) {
+    resource_request.SetHTTPOriginIfNeeded(
+        resource_request.RequestorOrigin().get());
+  }
+
   WebScopedVirtualTimePauser pauser;
+
   base::Optional<ResourceRequestBlockedReason> blocked_reason =
       PrepareRequest(params, factory, identifier, pauser);
   if (blocked_reason) {
@@ -892,8 +901,6 @@ Resource* ResourceFetcher::RequestResource(FetchParameters& params,
                                      client);
   }
 
-  ResourceType resource_type = factory.GetType();
-
   if (!params.IsSpeculativePreload()) {
     // Only log if it's not for speculative preload.
     Context().RecordLoadingActivity(resource_request, resource_type,