author dalecurtis <dalecurtis@chromium.org> 2015-10-21 17:26:26 -0700
committer Commit bot <commit-bot@chromium.org> 2015-10-22 00:27:07 +0000
commit e11ea5ed677321f5fa24e8e77b01f8f57a0098a5 (patch)
tree 72589ff802134979742c03949110293954eee288 /media/blink/buffered_data_source.cc
parent 34a8990806a42ee9356ce5b2f932057169c03a90 (diff)
Relax cross-origin partial response requirements for CORS presence.
Per discussion on the bug, if the redirect passes a CORS we should allow the mixing of origins. DidPassCORSAccessCheck() will ensure each request passes the crossorigin test.

Prior to this fix, crossOrigin redirects for video were always broken, this fix also allows 'range' to be a simple header when a client has requested no preflight.

BUG=532569
TEST=new unittest, manually verified exploit fails if crossorigin set.

Review URL: https://codereview.chromium.org/1356353003

Cr-Commit-Position: refs/heads/master@{#355452}
Diffstat (limited to 'media/blink/buffered_data_source.cc')
-rw-r--r-- media/blink/buffered_data_source.cc 7
1 files changed, 4 insertions, 3 deletions
diff --git a/media/blink/buffered_data_source.cc b/media/blink/buffered_data_source.cc
index eb4c984..0fc1617 100644
--- a/media/blink/buffered_data_source.cc
+++ b/media/blink/buffered_data_source.cc
@@ -431,9 +431,10 @@ bool BufferedDataSource::CheckPartialResponseURL(
// generated bytes and the target response. See http://crbug.com/489060#c32
// for details.
// If the origin of the new response is different from the first response we
- // deny the redirected response.
- return response_original_url_.GetOrigin() ==
- partial_response_original_url.GetOrigin();
+ // deny the redirected response unless the crossorigin attribute has been set.
+ return (response_original_url_.GetOrigin() ==
+ partial_response_original_url.GetOrigin()) ||
+ DidPassCORSAccessCheck();
}
void BufferedDataSource::ReadCallback(
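Review bot: The updated comment in CheckPartialResponseURL says the redirected response is denied "unless the crossorigin attribute has been set", but the added `|| DidPassCORSAccessCheck()` term tests whether a CORS access check passed, which is not the same condition as the attribute being present. Reword the comment to match the code, for example "unless the response passed the CORS access check". It would also help to state which response the result covers: the function takes partial_response_original_url as its argument while DidPassCORSAccessCheck() takes none, so nothing in these lines shows that the result belongs to the partial response being validated rather than to an earlier one. If it can reflect an earlier response, a later cross-origin partial response would be accepted on the strength of that earlier check, so a comment or a DCHECK tying the result to the current response would make this origin-mixing exception auditable.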