Preserving extra http request headers in OpenURL navigation path [relanding].

content/browser/frame_host/render_frame_host_manager.cc

Index: content/browser/frame_host/render_frame_host_manager.cc
diff --git a/content/browser/frame_host/render_frame_host_manager.cc b/content/browser/frame_host/render_frame_host_manager.cc
index 1a8acb96ba0062eb79562cb4dce53ce03442f662..4971162605e15af9aeef844cb10914d3aad81d74 100644
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -457,6 +457,14 @@ void RenderFrameHostManager::OnCrossSiteResponse(
   std::vector<GURL> rest_of_chain = transfer_url_chain;
   rest_of_chain.pop_back();
 
+  // |extra_headers| passed to RequestTransferURL below are always empty for
+  // now, because there are no known scenarios where headers (from POST request
+  // made from one renderer) need to be forwarded into the renderer where that
+  // request ends up being transfered to.  In particular, XSSAuditor doesn't
+  // look at the headers (e.g. the Content-Type header) when analyzing the body
+  // of the POST request.
+  std::string extra_headers;
+
   transferring_render_frame_host->frame_tree_node()
       ->navigator()
       ->RequestTransferURL(
@@ -464,7 +472,7 @@ void RenderFrameHostManager::OnCrossSiteResponse(
           referrer, page_transition, global_request_id,
           should_replace_current_entry,
           transfer_navigation_handle_->IsPost() ? "POST" : "GET",
-          transfer_navigation_handle_->resource_request_body());
+          transfer_navigation_handle_->resource_request_body(), extra_headers);
 
   // If the navigation continued, the NavigationHandle should have been
   // transfered to a RenderFrameHost. In the other cases, it should be cleared.