Restrict setting some network headers through URLLoader interface.

The restricted headers potentially give Chrome and the server its
talking different views of what's going on for the rest of a
transaction, so it isn't a great idea to allow setting them.

Proxy headers are also restricted.

Bug: 973103
Change-Id: Id014181a332252d908c6255cc7c2593a4be781f4
Reviewed-by: Bill Budge <>
Reviewed-by: Asanka Herath <>
Commit-Queue: Matt Menke <>
Cr-Original-Commit-Position: refs/heads/master@{#669924}
Cr-Mirrored-Commit: eb88b44f8e65531bf5a7176bacd3088af7a75fce
1 file changed