Restrict setting some network headers through URLLoader interface.

The restricted headers potentially give Chrome and the server its
talking different views of what's going on for the rest of a
transaction, so it isn't a great idea to allow setting them.

Proxy headers are also restricted.

Bug: 973103
Change-Id: Id014181a332252d908c6255cc7c2593a4be781f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1659194
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Asanka Herath <asanka@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#669924}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: eb88b44f8e65531bf5a7176bacd3088af7a75fce
diff --git a/tests/test_url_loader.cc b/tests/test_url_loader.cc
index b33d046..e1108bf 100644
--- a/tests/test_url_loader.cc
+++ b/tests/test_url_loader.cc
@@ -692,7 +692,6 @@
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Accept-Charset:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Accept-Encoding:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Connection:\n"));
-    ASSERT_EQ(PP_OK, OpenTrusted("GET", "Content-Length:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Cookie:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Cookie2:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Content-Transfer-Encoding:\n"));
@@ -704,14 +703,9 @@
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Keep-Alive:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Referer:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "TE:\n"));
-    ASSERT_EQ(PP_OK, OpenTrusted("GET", "Trailer:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Transfer-Encoding:\n"));
-    ASSERT_EQ(PP_OK, OpenTrusted("GET", "Upgrade:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "User-Agent:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Via:\n"));
-    ASSERT_EQ(PP_OK,
-              OpenTrusted("GET",
-                  "Proxy-Authorization: Basic dXNlcjpwYXNzd29yZA==:\n"));
     ASSERT_EQ(PP_OK, OpenTrusted("GET", "Sec-foo:\n"));
   }
   // Trusted requests with custom referrer should succeed.