Commit e322d4d5 authored by tyoshino, committed by Commit bot

Improve console log message for CORS failure

When a simple cross-origin request has been made and then blocked,
a log message of "blocked from loading" may sound confusing since we've
loaded the resource from the server but just prevented the response
from being delivered to the page.

When a redirect has been blocked, the error message should say that the
redirect has been blocked and the reason (e.g. whether the redirect location
is bad or the response didn't pass the CORS check) clearly.

BUG=417786
R=sof

Review-Url: https://codereview.chromium.org/1196423003
Cr-Commit-Position: refs/heads/master@{#408918}
parent 132a21ca
CONSOLE ERROR: Imported resource from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 404. CONSOLE ERROR: Access to Imported resource at 'http://localhost:8080/htmlimports/resources/resources/hello.html?1' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 404.
PASS basic.import.querySelector('h1').innerHTML is "Hello, CORS!" PASS basic.import.querySelector('h1').innerHTML is "Hello, CORS!"
PASS nested.import.querySelector('#sameOriginNoCors').import is null PASS nested.import.querySelector('#sameOriginNoCors').import is null
PASS nested.import.querySelector('#sameOriginCors').import.querySelector('h1').innerHTML is "Hello, CORS!" PASS nested.import.querySelector('#sameOriginCors').import.querySelector('h1').innerHTML is "Hello, CORS!"
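Review bot: In the new expectation on the first line of this hunk, "from origin 'http://localhost:8080'" is the origin of the blocked resource, which is already visible in the URL just before it, while the page that made the request ('http://127.0.0.1:8000') appears only in the last sentence. "Access to X at '<url>' from origin '<o>'" reads as if '<o>' were the requester; suggest dropping the phrase or putting the requesting origin there, so that each party is named once and unambiguously.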
......
CONSOLE ERROR: Imported resource from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Imported resource at 'http://localhost:8080/htmlimports/resources/hello.html' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
PASS target.import is null PASS target.import is null
PASS successfullyParsed is true PASS successfullyParsed is true
......
CONSOLE ERROR: Script from origin 'http://127.0.0.1:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://127.0.0.1:8000/htmlimports/resources/external-script.js' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access.
CONSOLE ERROR: Script from origin 'http://127.0.0.1:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin. Origin 'http://localhost:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://127.0.0.1:8000/htmlimports/resources/cors-js.cgi' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin. Origin 'http://localhost:8000' is therefore not allowed access.
This test ensures that crossorigin-marked script elements are blocked properly This test ensures that crossorigin-marked script elements are blocked properly
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
PingLoader dispatched to 'http://127.0.0.1:8080/navigation/resources/redirection-response.php?status=302&simple=true&target=non-existent.php'. PingLoader dispatched to 'http://127.0.0.1:8080/navigation/resources/redirection-response.php?status=302&simple=true&target=non-existent.php'.
PingLoader dispatched to 'http://127.0.0.1:8080/navigation/resources/redirection-response.php?status=302&simple=false&target=non-existent.php'. PingLoader dispatched to 'http://127.0.0.1:8080/navigation/resources/redirection-response.php?status=302&simple=false&target=non-existent.php'.
CONSOLE ERROR: Redirect at origin 'http://127.0.0.1:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://127.0.0.1:8080/navigation/resources/redirection-response.php?status=302&simple=false&target=non-existent.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Verifying navigator.sendBeacon(Blob) non-CORS cross-origin redirect handling. Verifying navigator.sendBeacon(Blob) non-CORS cross-origin redirect handling.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
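Review bot: The new "Redirect from '...' has been blocked by CORS policy" line in this hunk names only the URL that issued the redirect, not the location it pointed to; here the destination can be worked out only because the test URL happens to carry it in `target=non-existent.php`. Since the description asks for the blocked redirect and its reason to be stated clearly, consider including the redirect location in the message as well, for example "Redirect from '<url>' to '<location>'".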
......
CONSOLE ERROR: Image from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 401. CONSOLE ERROR: Access to Image at 'http://localhost:8000/security/resources/img-basic-auth.php?uid=41532' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 401.
CONSOLE ERROR: Image from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 401. CONSOLE ERROR: Access to Image at 'http://localhost:8000/security/resources/img-basic-auth.php?uid=41533' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 401.
No credentials should be prompted for on seeing a 401 for <img crossorigin>. No credentials should be prompted for on seeing a 401 for <img crossorigin>.
PASS Non-CORS image resource failed to load PASS Non-CORS image resource failed to load
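Review bot: Both new CONSOLE ERROR lines in this hunk print the full request URL, query string included (`?uid=41532`, `?uid=41533`), where the old text printed only the origin. Console output is routinely pasted into bug reports and collected by logging tools, so URLs that carry identifiers or tokens in the query would now end up there too. Please confirm that is acceptable, or strip the query and fragment from the URL before logging it.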
......
CONSOLE ERROR: Image from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://localhost:8000/security/resources/abe.png' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=anonymous&url=http://localhost:8000/security/resources/abe-allow-credentials.php' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=anonymous&url=http://127.0.0.1:8000/security/resources/abe-allow-credentials.php' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects. Testing the handling of CORS-enabled fetch in the presence of 'anonymous' redirects.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE ERROR: Image from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://localhost:8000/security/resources/abe.png' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Image from origin 'http://127.0.0.1:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://127.0.0.1:8080/security/resources/abe-allow-credentials.php' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access.
CONSOLE ERROR: Image from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://localhost:8000/security/resources/abe-allow-star.php' from origin 'http://localhost:8000' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Image from origin 'http://127.0.0.1:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'null' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://127.0.0.1:8000/security/resources/abe-allow-star.php' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'null' is therefore not allowed access.
Testing the handling of CORS-enabled fetch in the presence of 'credentialled' redirects. Testing the handling of CORS-enabled fetch in the presence of 'credentialled' redirects.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
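Review bot: The second and fourth new lines of this hunk end with "Origin 'null' is therefore not allowed access" but are worded as plain "Access to Image at ..." failures, with nothing to indicate that a redirect was followed, although this expectation belongs to the 'credentialled' redirects test. A reader who sees 'null' beside an allowed value of 'http://127.0.0.1:8000' cannot tell from the message why the supplied origin is 'null'; consider mentioning the redirect in this case, as the "Redirect from ..." messages do.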
......
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://localhost:8000/security/resources/abe.png' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://localhost:8000/security/resources/abe-allow-star.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://localhost:8000/security/resources/abe-allow-credentials.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://127.0.0.1:8000/security/resources/abe-allow-credentials.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Testing the handling of CORS-enabled fetch in the presence of 'No CORS' redirects. Testing the handling of CORS-enabled fetch in the presence of 'No CORS' redirects.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE ERROR: Image from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://localhost:8080/security/resources/red200x100.png' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
ALERT: PASS: The error event was called. ALERT: PASS: The error event was called.
This test passes if the image below does not load. This test passes if the image below does not load.
CONSOLE ERROR: CSS stylesheet from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://localhost:8080/security/resources/green-background.css?1' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: CSS stylesheet from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://localhost:8080/security/resources/green-background.css?2' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: CSS stylesheet from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://localhost:8080/security/resources/green-background.css?8' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: CSS stylesheet from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://localhost:8080/security/resources/green-background.css?9' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
PASS PASS
PASS PASS
PASS PASS
......
CONSOLE ERROR: CSS stylesheet from origin 'http://127.0.0.1:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://127.0.0.1:8080/resources/slow-script.pl?delay=100' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Test that re-inserting a CORS-loading stylesheet is correctly handled. Test that re-inserting a CORS-loading stylesheet is correctly handled.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE ERROR: CSS stylesheet from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://localhost:8080/security/resources/green-background-allow-star.php?1' from origin 'http://localhost:8080' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: CSS stylesheet from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to CSS stylesheet at 'http://localhost:8080/security/resources/green-background-allow-star.php?2' from origin 'http://localhost:8080' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Test that a linked stylesheet with a crossorigin=use-credentials attributes loads expected CORS enabled resources. Test that a linked stylesheet with a crossorigin=use-credentials attributes loads expected CORS enabled resources.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
This test is to see if a remote file can include a local image when the access has been white listed using addOriginAccessWhitelistEntry. This test is to see if a remote file can include a local image when the access has been white listed using addOriginAccessWhitelistEntry.
Test Failed: Local image not loaded remotely. Test Passed. Local image loaded remotely.
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/cors-script.php?delay=100&cors=false&value=FAIL' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Preload of script with CORS failure only shows one error Preload of script with CORS failure only shows one error
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
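Review bot: The second line of this hunk changes the expected result from "Test Failed: Local image not loaded remotely." to "Test Passed. Local image loaded remotely.", which is a change in test outcome rather than in console wording, and the description covers only message text. Please explain in the description why this expectation flips, or move it into a separate change.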
......
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/cors-script.php?cors=false&value=FAIL' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
In an XHTML document, test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response. In an XHTML document, test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.
PASS PASS
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/cors-script.php?cors=false&value=FAIL' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response. Test that a script element with a crossorigin attribute does not load a cross-origin script when the resource sharing check fails on the response.
PASS PASS
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/cors-script.php?cors=false&credentials=true&value=FAIL' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
This test passes if the inserted script fails to load due to CORS. This test passes if the inserted script fails to load due to CORS.
PASS (expected error reported) PASS (expected error reported)
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/localScript.js' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=anonymous&url=http://localhost:8000/security/resources/script-allow-credentials.php' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=anonymous&url=http://127.0.0.1:8000/security/resources/script-allow-credentials.php' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Testing the handling of CORS-enabled script fetch in the presence of 'anonymous' redirects. Testing the handling of CORS-enabled script fetch in the presence of 'anonymous' redirects.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/localScript.js' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Script from origin 'http://127.0.0.1:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://127.0.0.1:8000/security/resources/script-allow-credentials.php' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access.
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/script-allow-star.php' from origin 'http://localhost:8000' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Script from origin 'http://127.0.0.1:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'null' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://127.0.0.1:8000/security/resources/script-allow-star.php' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'null' is therefore not allowed access.
Testing the handling of CORS-enabled script fetch in the presence of 'credentialled' redirects. Testing the handling of CORS-enabled script fetch in the presence of 'credentialled' redirects.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://localhost:8000/security/resources/localScript.js' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://localhost:8000/security/resources/script-allow-star.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://localhost:8000/security/resources/script-allow-credentials.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Redirect at origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Redirect from 'http://localhost:8000/security/resources/cors-redirect.php?mode=no&url=http://127.0.0.1:8000/security/resources/script-allow-credentials.php' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Testing the handling of CORS-enabled Testing the handling of CORS-enabled
PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource' PASS/FAIL descriptions are of the form, 'CORS request type': 'redirect CORS type' => 'resource'
......
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/cors-script.php?fail=true&cors=false' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
The test passes if 'window.onerror' is not invoked on a script loaded with a 'crossorigin' attribute, but delivered without valid CORS headers. The test passes if 'window.onerror' is not invoked on a script loaded with a 'crossorigin' attribute, but delivered without valid CORS headers.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE ERROR: Script from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8080/security/resources/alert-fail.js' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
This test passes if the script does not load. This test passes if the script does not load.
PASS PASS
CONSOLE ERROR: Script from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Script at 'http://localhost:8000/security/resources/cors-script.php?cors=false&value=ran2' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
This is a testharness.js-based test. This is a testharness.js-based test.
PASS SRI on cross origin CORS disabled script, with bad integrity PASS SRI on cross origin CORS disabled script, with bad integrity
Harness: the test ran to completion. Harness: the test ran to completion.
......
CONSOLE ERROR: Text track from origin 'http://localhost:8000' has been blocked from loading: Not at same origin as the document, and parent of track element does not have a 'crossorigin' attribute. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Text track from origin 'http://localhost:8000' has been blocked from loading: Not at same origin as the document, and parent of track element does not have a 'crossorigin' attribute. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: Text track from origin 'http://localhost:8000' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Text track at 'http://localhost:8000/security/resources/captions-with-access-control-headers.php?count=0' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Tests loading cross-domain <track>. Tests loading cross-domain <track>.
Loading without Access-Control-Allow-Origin header, no "crossorigin" attribute on <video> Loading without Access-Control-Allow-Origin header, no "crossorigin" attribute on <video>
......
CONSOLE ERROR: Image from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: Access to Image at 'http://localhost:8080/misc/resources/compass.jpg' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
>>> >>>
CONSOLE ERROR: Image from origin 'http://localhost:8080' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 404. CONSOLE ERROR: Access to Image at 'http://localhost:8080/nonesuch.png' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 404.
Test passes if it doesn't crash. Test passes if it doesn't crash.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi' to 'http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=http://localhost:8000. The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8000' that is not equal to the supplied origin. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=http://localhost:8000. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=http://localhost:8000' to 'http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8000' that is not equal to the supplied origin. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://username:password@localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=http://localhost:8000. The request was redirected to a URL ('http://username:password@localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi') containing userinfo, which is disallowed for cross-origin requests. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://username:password@localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=http://localhost:8000. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://username:password@localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=http://localhost:8000' has been blocked by CORS policy: Redirect location 'http://username:password@localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi' contains userinfo, which is disallowed for cross-origin requests.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://localhost:8000. The request was redirected to a URL ('foo://bar.cgi') which has a disallowed scheme for cross-origin requests. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://localhost:8000. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=foo://bar.cgi&%20%20access-control-allow-origin=http://localhost:8000' has been blocked by CORS policy: Redirect location 'foo://bar.cgi' has a disallowed scheme for cross-origin requests.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*. Response for preflight is invalid (redirect) CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*. Response for preflight is invalid (redirect)
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*&%20%20access-control-allow-headers=x-webkit. The request was redirected to 'http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi', which is disallowed for cross-origin requests that require preflight. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*&%20%20access-control-allow-headers=x-webkit. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*&%20%20access-control-allow-headers=x-webkit' to 'http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard. Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.
Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi without credentials Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi without credentials
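Review bot: The new XMLHttpRequest redirect expectations print the original URL twice in one message, once after "XMLHttpRequest cannot load" and again after "Redirect from", which makes already long console lines harder to scan. Consider dropping the repeated source URL from the redirect clause when it equals the URL the message has just named, so the clause only adds the destination and the reason. The preflight case "Response for preflight is invalid (redirect)" is also left in the old wording and names neither the redirect source nor the target; it would be worth bringing it in line with the other redirect messages in this change.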
......
CONSOLE WARNING: line 22: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/. CONSOLE WARNING: line 22: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi. Redirect from 'http://localhost:8000/resources/redirect.php?url=http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi' to 'http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi. Redirect from 'http://localhost:8000/resources/redirect.php?url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi' to 'http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
Tests that redirects between origins are never allowed, even when access control is involved. Tests that redirects between origins are never allowed, even when access control is involved.
Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore. Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.
......
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. CONSOLE ERROR: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/. Redirect from 'http://localhost:8000/xmlhttprequest/resources/redirect.php?url=/' to 'http://localhost:8000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.
XMLHttpRequest doesn't crash even when open() is invoked synchronously to handling of a redirect response to a cross-origin request. XMLHttpRequest doesn't crash even when open() is invoked synchronously to handling of a redirect response to a cross-origin request.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
...@@ -268,12 +268,12 @@ bool CrossOriginAccessControl::isLegalRedirectLocation(const KURL& requestURL, S ...@@ -268,12 +268,12 @@ bool CrossOriginAccessControl::isLegalRedirectLocation(const KURL& requestURL, S
{ {
// CORS restrictions imposed on Location: URL -- http://www.w3.org/TR/cors/#redirect-steps (steps 2 + 3.) // CORS restrictions imposed on Location: URL -- http://www.w3.org/TR/cors/#redirect-steps (steps 2 + 3.)
if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(requestURL.protocol())) { if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(requestURL.protocol())) {
errorDescription = "The request was redirected to a URL ('" + requestURL.getString() + "') which has a disallowed scheme for cross-origin requests."; errorDescription = "Redirect location '" + requestURL.getString() + "' has a disallowed scheme for cross-origin requests.";
return false; return false;
} }
if (!(requestURL.user().isEmpty() && requestURL.pass().isEmpty())) { if (!(requestURL.user().isEmpty() && requestURL.pass().isEmpty())) {
errorDescription = "The request was redirected to a URL ('" + requestURL.getString() + "') containing userinfo, which is disallowed for cross-origin requests."; errorDescription = "Redirect location '" + requestURL.getString() + "' contains userinfo, which is disallowed for cross-origin requests.";
return false; return false;
} }
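Review bot: In the userinfo branch the message is built from requestURL.getString(), so the username and password carried in the Location URL are written to the console verbatim; the updated expectation on this page shows 'http://username:password@localhost:8000/...' in the log line. Since this branch exists because the URL carries credentials, consider logging a copy of the URL with the userinfo removed, or naming only its origin and path. Separately, the parameter is still called requestURL while the new text calls it the "Redirect location"; renaming it would keep the code and the message consistent.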
...@@ -294,25 +294,24 @@ bool CrossOriginAccessControl::handleRedirect(SecurityOrigin* securityOrigin, Re ...@@ -294,25 +294,24 @@ bool CrossOriginAccessControl::handleRedirect(SecurityOrigin* securityOrigin, Re
String errorDescription; String errorDescription;
// Steps 3 & 4 - check if scheme and other URL restrictions hold. // Steps 3 & 4 - check if scheme and other URL restrictions hold.
bool allowRedirect = isLegalRedirectLocation(newURL, errorDescription); if (!isLegalRedirectLocation(newURL, errorDescription)) {
if (allowRedirect) { errorMessage = "Redirect from '" + originalURL.getString() + "' has been blocked by CORS policy: " + errorDescription;
// Step 5: perform resource sharing access check. return false;
allowRedirect = passesAccessControlCheck(redirectResponse, withCredentials, securityOrigin, errorDescription, newRequest.requestContext());
if (allowRedirect) {
RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(originalURL);
// Step 6: if the request URL origin is not same origin as the original URL's,
// set the source origin to a globally unique identifier.
if (!originalOrigin->canRequest(newURL)) {
options.securityOrigin = SecurityOrigin::createUnique();
securityOrigin = options.securityOrigin.get();
}
}
} }
if (!allowRedirect) {
const String& originalOrigin = SecurityOrigin::create(originalURL)->toString(); // Step 5: perform resource sharing access check.
errorMessage = "Redirect at origin '" + originalOrigin + "' has been blocked from loading by Cross-Origin Resource Sharing policy: " + errorDescription; if (!passesAccessControlCheck(redirectResponse, withCredentials, securityOrigin, errorDescription, newRequest.requestContext())) {
errorMessage = "Redirect from '" + originalURL.getString() + "' has been blocked by CORS policy: " + errorDescription;
return false; return false;
} }
RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(originalURL);
// Step 6: if the request URL origin is not same origin as the original URL's,
// set the source origin to a globally unique identifier.
if (!originalOrigin->canRequest(newURL)) {
options.securityOrigin = SecurityOrigin::createUnique();
securityOrigin = options.securityOrigin.get();
}
} }
if (redirectCrossOrigin) { if (redirectCrossOrigin) {
// If now to a different origin, update/set Origin:. // If now to a different origin, update/set Origin:.
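Review bot: Both failure branches in handleRedirect assemble the same prefix, "Redirect from '" + originalURL.getString() + "' has been blocked by CORS policy: ", and neither names newURL, whereas redirectReceived in DocumentThreadableLoader adds "' to '" + request.url().getString() for the access-check failure. Without the destination, "the requested resource" in the step 5 errorDescription is ambiguous between the redirect response and its target. Suggest one shared helper that formats the redirect message for both call sites and includes newURL in the step 5 case.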
......
...@@ -260,7 +260,7 @@ bool ResourceFetcher::canAccessResponse(Resource* resource, const ResourceRespon ...@@ -260,7 +260,7 @@ bool ResourceFetcher::canAccessResponse(Resource* resource, const ResourceRespon
resource->setCORSFailed(); resource->setCORSFailed();
if (!forPreload) { if (!forPreload) {
String resourceType = Resource::resourceTypeToString(resource->getType(), resource->options().initiatorInfo); String resourceType = Resource::resourceTypeToString(resource->getType(), resource->options().initiatorInfo);
context().addConsoleMessage(resourceType + " from origin '" + SecurityOrigin::create(response.url())->toString() + "' has been blocked from loading by Cross-Origin Resource Sharing policy: " + errorDescription); context().addConsoleMessage("Access to " + resourceType + " at '" + response.url().getString() + "' from origin '" + SecurityOrigin::create(response.url())->toString() + "' has been blocked by CORS policy: " + errorDescription);
} }
return false; return false;
} }
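Review bot: The "from origin" value in the new message is SecurityOrigin::create(response.url())->toString(), which is the origin of the resource that was fetched, not of the document that asked for it. The updated expectations read "Access to Script at 'http://localhost:8080/...' from origin 'http://localhost:8080' ... Origin 'http://127.0.0.1:8000' is therefore not allowed access", so the same line names two different origins and the first reads as if it were the requester. Either pass the requesting security origin into this message or drop the "from origin" clause, since the full URL already identifies the resource's origin.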
......
...@@ -150,7 +150,7 @@ DocumentThreadableLoader::DocumentThreadableLoader(Document& document, Threadabl ...@@ -150,7 +150,7 @@ DocumentThreadableLoader::DocumentThreadableLoader(Document& document, Threadabl
, m_requestContext(WebURLRequest::RequestContextUnspecified) , m_requestContext(WebURLRequest::RequestContextUnspecified)
, m_timeoutTimer(this, &DocumentThreadableLoader::didTimeout) , m_timeoutTimer(this, &DocumentThreadableLoader::didTimeout)
, m_requestStartedSeconds(0.0) , m_requestStartedSeconds(0.0)
, m_corsRedirectLimit(kMaxCORSRedirects) , m_corsRedirectLimit(m_options.crossOriginRequestPolicy == UseAccessControl ? kMaxCORSRedirects : 0)
, m_redirectMode(WebURLRequest::FetchRedirectModeFollow) , m_redirectMode(WebURLRequest::FetchRedirectModeFollow)
, m_didRedirect(false) , m_didRedirect(false)
, m_weakFactory(this) , m_weakFactory(this)
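Review bot: The m_corsRedirectLimit initializer now reads m_options.crossOriginRequestPolicy, so it is only correct if m_options is declared before m_corsRedirectLimit in the class, because members are initialized in declaration order and not in the order written here; please confirm that or add a note next to the declarations. The value 0 also now doubles as "CORS redirects are not permitted for this policy", and redirectReceived goes on to do --m_corsRedirectLimit without the removed else if (m_options.crossOriginRequestPolicy == UseAccessControl) guard. A short comment stating that the limit check above the decrement is what rejects the non-UseAccessControl case would make that dependency explicit.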
...@@ -507,73 +507,78 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ ...@@ -507,73 +507,78 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ
clear(); clear();
client->didFailRedirectCheck(); client->didFailRedirectCheck();
// |this| may be dead here. // |this| may be dead here.
} else if (m_options.crossOriginRequestPolicy == UseAccessControl) {
--m_corsRedirectLimit;
InspectorInstrumentation::didReceiveCORSRedirectResponse(document().frame(), resource->identifier(), document().frame()->loader().documentLoader(), redirectResponse, resource); request = ResourceRequest();
bool allowRedirect = false; return;
String accessControlErrorDescription; }
--m_corsRedirectLimit;
InspectorInstrumentation::didReceiveCORSRedirectResponse(document().frame(), resource->identifier(), document().frame()->loader().documentLoader(), redirectResponse, resource);
bool allowRedirect = false;
String accessControlErrorDescription;
if (m_crossOriginNonSimpleRequest) {
// Non-simple cross origin requests (both preflight and actual one) are // Non-simple cross origin requests (both preflight and actual one) are
// not allowed to follow redirect. // not allowed to follow redirect.
if (m_crossOriginNonSimpleRequest) { accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + "' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.";
accessControlErrorDescription = "The request was redirected to '"+ request.url().getString() + "', which is disallowed for cross-origin requests that require preflight."; } else if (!CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription)) {
} else { accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString() + "' has been blocked by CORS policy: " + accessControlErrorDescription;
// The redirect response must pass the access control check if the } else if (!m_sameOriginRequest && !passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), getSecurityOrigin(), accessControlErrorDescription, m_requestContext)) {
// original request was not same-origin. // The redirect response must pass the access control check if the
allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription) // original request was not same-origin.
&& (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), getSecurityOrigin(), accessControlErrorDescription, m_requestContext)); accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + "' has been blocked by CORS policy: " + accessControlErrorDescription;
} } else {
allowRedirect = true;
if (allowRedirect) { }
// FIXME: consider combining this with CORS redirect handling performed by
// CrossOriginAccessControl::handleRedirect().
clearResource();
RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redirectResponse.url());
RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(request.url());
// If the original request wasn't same-origin, then if the request URL origin is not same origin with the original URL origin,
// set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request
// should be the original URL origin.)
if (!m_sameOriginRequest && !originalOrigin->isSameSchemeHostPort(requestOrigin.get()))
m_securityOrigin = SecurityOrigin::createUnique();
// Force any subsequent requests to use these checks.
m_sameOriginRequest = false;
// Since the request is no longer same-origin, if the user didn't request credentials in
// the first place, update our state so we neither request them nor expect they must be allowed.
if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequestCredentials)
m_forceDoNotAllowStoredCredentials = true;
// Save the referrer to use when following the redirect.
m_didRedirect = true;
m_referrerAfterRedirect = Referrer(request.httpReferrer(), request.getReferrerPolicy());
// Remove any headers that may have been added by the network layer that cause access control to fail.
request.clearHTTPReferrer();
request.clearHTTPOrigin();
request.clearHTTPUserAgent();
// Add any CORS simple request headers which we previously saved from the original request.
for (const auto& header : m_simpleRequestHeaders)
request.setHTTPHeaderField(header.key, header.value);
makeCrossOriginAccessRequest(request);
// |this| may be dead here.
return;
}
if (!allowRedirect) {
ThreadableLoaderClient* client = m_client; ThreadableLoaderClient* client = m_client;
clear(); clear();
client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, redirectResponse.url().getString(), accessControlErrorDescription)); client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, redirectResponse.url().getString(), accessControlErrorDescription));
// |this| may be dead here. // |this| may be dead here.
} else {
ThreadableLoaderClient* client = m_client; request = ResourceRequest();
clear();
client->didFailRedirectCheck(); return;
// |this| may be dead here.
} }
request = ResourceRequest(); // FIXME: consider combining this with CORS redirect handling performed by
// CrossOriginAccessControl::handleRedirect().
clearResource();
// If the original request wasn't same-origin, then if the request URL origin is not same origin with the original URL origin,
// set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request
// should be the original URL origin.)
if (!m_sameOriginRequest) {
RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redirectResponse.url());
RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(request.url());
if (!originalOrigin->isSameSchemeHostPort(requestOrigin.get()))
m_securityOrigin = SecurityOrigin::createUnique();
}
// Force any subsequent requests to use these checks.
m_sameOriginRequest = false;
// Since the request is no longer same-origin, if the user didn't request credentials in
// the first place, update our state so we neither request them nor expect they must be allowed.
if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequestCredentials)
m_forceDoNotAllowStoredCredentials = true;
// Save the referrer to use when following the redirect.
m_didRedirect = true;
m_referrerAfterRedirect = Referrer(request.httpReferrer(), request.getReferrerPolicy());
// Remove any headers that may have been added by the network layer that cause access control to fail.
request.clearHTTPReferrer();
request.clearHTTPOrigin();
request.clearHTTPUserAgent();
// Add any CORS simple request headers which we previously saved from the original request.
for (const auto& header : m_simpleRequestHeaders)
request.setHTTPHeaderField(header.key, header.value);
makeCrossOriginAccessRequest(request);
// |this| may be dead here.
} }
void DocumentThreadableLoader::redirectBlocked() void DocumentThreadableLoader::redirectBlocked()
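Review bot: the new assignment `accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + ...` puts the redirect target URL into the string that is then passed to `client->didFailAccessControlCheck(ResourceError(...))`. That target comes from a response that has just failed the CORS check, so please confirm that this description is only ever written to the console and is not readable by the requesting page's script, and add a comment saying so next to the assignment. Every redirect failure on this path now goes through `didFailAccessControlCheck`, since the branch that called `client->didFailRedirectCheck()` is removed, so clients that handled the two callbacks differently should be checked. Nit: `getString()+` is missing a space before the `+`.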
......