Handle "same-origin" credentials mode with "no-cors" mode correctly
The spec says "same-origin" credentials mode takes effect even when used
with "no-cors" mode, but in blink::ResourceFetcher it behaves just like
"include".
Currently CSP violation report uses "same-origin" credentials mode is
used with "no-cors" mode, but it doesn't useResourceFetcher.
This CL fixes ResourceFetcher so that CSP violation report can use
ResourceFetcher.
This change is aligned with the consensus made on a fetch API spec
discussion: https://github.com/whatwg/fetch/issues/169
Bug: 695939
Change-Id: I50537125399909c30d1a5eb293859520c11d7c82
Reviewed-on: https://chromium-review.googlesource.com/554513
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#483713}1 file changed
