OOR-CORS: Disallow to set Host header via the factory interface

Host header is expected to be set by the network stack and
the value should be aligned with the destination host, or |url|
in the ResourceRequest.

Users' JavaScripts can not set this header because the name is
listed in |forbidden header name| of the fetch spec, but still
mojo IPC can be compromised potentially, and having this second
check in the network service would reduce security risk.

Bug: 925359
Change-Id: Idfe9209fec9c5ed72c384ff2592e02c96a2e77a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1601086
Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#659373}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 9f2a4f4ab986e31e6b2f5b3b171d158c564885c1
1 file changed