Maybe add CORS headers to data reduction proxy redirect

When the data reduction proxy responds with a bypass message,
chromium constructs a redirect response and feeds that through
the network stack. This results in the request being retried
directly to the origin. If the original request had an
Origin header, then the manufactured redirect should have the
appropriate CORS headers.

BUG=415644

Review URL: https://codereview.chromium.org/603323002

Cr-Commit-Position: refs/heads/master@{#296942}

components/data_reduction_proxy/browser/data_reduction_proxy_protocol.cc

@@ -182,6 +182,20 @@ void OverrideResponseAsRedirect(
   (*override_response_headers)->RemoveHeader("Location");
   (*override_response_headers)->AddHeader("Location: " +
                                           request->url().spec());
+  std::string http_origin;
+  const net::HttpRequestHeaders& request_headers =
+      request->extra_request_headers();
+  if (request_headers.GetHeader("Origin", &http_origin)) {
+    // If this redirect is used in a cross-origin request, add CORS headers to
+    // make sure that the redirect gets through. Note that the destination URL
+    // is still subject to the usual CORS policy, i.e. the resource will only
+    // be available to web pages if the server serves the response with the
+    // required CORS response headers.
+    (*override_response_headers)->AddHeader(
+        "Access-Control-Allow-Origin: " + http_origin);
+    (*override_response_headers)->AddHeader(
+        "Access-Control-Allow-Credentials: true");
+  }
   // TODO(bengr): Should we pop_back the request->url_chain?
 }
 

components/data_reduction_proxy/browser/data_reduction_proxy_protocol_unittest.cc

@@ -353,6 +353,50 @@ TEST_F(DataReductionProxyProtocolTest, OverrideResponseAsRedirect) {
   }
 }
 
+// Tests that the response is correctly overwritten as a redirect with CORS
+// headers when an Origin header is provided in the initial request.
+TEST_F(DataReductionProxyProtocolTest, OverrideResponseAsRedirectCORS) {
+  net::TestURLRequestContext context;
+  const struct {
+    const char* headers;
+    const char* expected_headers;
+  } tests[] = {
+      { "HTTP/1.1 200 0K\n"
+        "Chrome-Proxy: block=1\n"
+        "Via: 1.1 Chrome-Compression-Proxy\n",
+
+        "HTTP/1.1 302 Found\n"
+        "Chrome-Proxy: block=1\n"
+        "Via: 1.1 Chrome-Compression-Proxy\n"
+        "Location: http://www.google.com/\n"
+        "Access-Control-Allow-Origin: http://www.else.com\n"
+        "Access-Control-Allow-Credentials: true\n"
+      },
+  };
+
+  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
+    std::string headers(tests[i].headers);
+    HeadersToRaw(&headers);
+    scoped_refptr<HttpResponseHeaders> original_response_headers(
+        new HttpResponseHeaders(headers));
+    scoped_refptr<HttpResponseHeaders> override_response_headers;
+    TestDelegate test_delegate;
+    scoped_ptr<net::URLRequest> request(
+        context.CreateRequest(GURL("http://www.google.com/"),
+                              net::DEFAULT_PRIORITY,
+                              NULL,
+                              NULL));
+    request->SetExtraRequestHeaderByName("Origin", "http://www.else.com", true);
+    OverrideResponseAsRedirect(request.get(), original_response_headers.get(),
+                               &override_response_headers);
+    int expected_flags = net::LOAD_DISABLE_CACHE | net::LOAD_BYPASS_PROXY;
+    EXPECT_EQ(expected_flags, request->load_flags());
+    std::string override_headers;
+    override_response_headers->GetNormalizedHeaders(&override_headers);
+    EXPECT_EQ(std::string(tests[i].expected_headers), override_headers);
+  }
+}
+
 
 // After each test, the proxy retry info will contain zero, one, or two of the
 // data reduction proxies depending on whether no bypass was indicated by the