
Issue 646780


Issue metadata

Status: Fixed
Owner:
Leaves the project on 2018/03/02
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug




Cross-origin CSP violation report includes credentials

Project Member Reported by tyoshino@chromium.org, Sep 14 2016

Issue description

My patch http://crrev.com/b3b697fc8bcc938e8b9ab32a34fc5933494faaa1 broke
the PingLoader code path for CSP violation reporting by always passing
AllowStoredCredentials by mistake.

The test report-cross-origin-no-cookies.html (now named .php) introduced
by http://crrev.com/a161a28377d8d71b63a02066574fb47f03dd4b3b included a
sync XHR to set a cookie for the remote host, but it has not been
working because:
- its withCredentials is not set to true
- testRunner is not configured to accept third party cookies
- setCookies.cgi emits wildcard Access-Control-Allow-Origin which is
  invalid for credentialled CORS requests
- it has non-CORS-safelisted header SET-COOKIE

So, the test didn't catch this breakage.

Patch: https://codereview.chromium.org/2345463002/

The revision number where the bug was introduced is r411630. So, M54 (current beta) and later are affected.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 4 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19cf9d97e48c9fe6974d61437549202745b20077

commit 19cf9d97e48c9fe6974d61437549202745b20077
Author: tyoshino <tyoshino@chromium.org>
Date: Tue Oct 04 14:36:30 2016

Fix PingLoader to omit credentials for cross-origin violation reports

My patch http://crrev.com/b3b697fc8bcc938e8b9ab32a34fc5933494faaa1 broke
the PingLoader code path for CSP violation reporting by always passing
AllowStoredCredentials by mistake.

The test report-cross-origin-no-cookies.html (now named .php) introduced
by http://crrev.com/a161a28377d8d71b63a02066574fb47f03dd4b3b included a
sync XHR to set a cookie for the remote host, but it has not been
working because:
- its withCredentials is not set to true
- testRunner is not configured to accept third party cookies
- setCookies.cgi emits wildcard Access-Control-Allow-Origin which is
  invalid for credentialled CORS requests
- it has non-CORS-safelisted header SET-COOKIE

So, the test didn't catch this breakage.

This CL fixes it by using a no-cors fetch() to
/security/resources/set-cookie.php which takes arguments via the query
part of a URL.

BUG= 646780 
R=mkwst@chromium.org

Review-Url: https://codereview.chromium.org/2345463002
Cr-Commit-Position: refs/heads/master@{#422787}

[modify] https://crrev.com/19cf9d97e48c9fe6974d61437549202745b20077/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt
[modify] https://crrev.com/19cf9d97e48c9fe6974d61437549202745b20077/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
[modify] https://crrev.com/19cf9d97e48c9fe6974d61437549202745b20077/third_party/WebKit/Source/core/loader/PingLoader.cpp

Status: Fixed (was: Started)
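
A collector-side regression check for the behaviour this issue describes, as an added example that is not part of the original issue or of Chromium's code: it flags report POSTs that arrive with a Cookie or Authorization header when the report's document-uri is cross-origin to the endpoint. It relies on CSP reports being sent with credentials only to same-origin endpoints; the function names, endpoint URL and sample requests are constructed for illustration.

```javascript
// Added illustration, not Chromium code. Names and sample data are constructed.
const CREDENTIAL_HEADERS = ['cookie', 'authorization'];

// Names of credential-bearing headers present on a request (case-insensitive).
function credentialHeaders(headers) {
  const names = Object.keys(headers).map((h) => h.toLowerCase());
  return CREDENTIAL_HEADERS.filter((h) => names.includes(h));
}

// Audit one report POST received at endpointUrl.
// request: { headers: {name: value}, body: JSON string in report-uri format }
function auditReport(endpointUrl, request) {
  let crossOrigin;
  try {
    const documentUri = JSON.parse(request.body)['csp-report']['document-uri'];
    crossOrigin = new URL(documentUri).origin !== new URL(endpointUrl).origin;
  } catch (e) {
    // Unparseable body or missing/invalid document-uri.
    return { verdict: 'malformed', leaked: [] };
  }
  // Same-origin reports may carry credentials; cross-origin ones must not.
  const leaked = crossOrigin ? credentialHeaders(request.headers) : [];
  const verdict = leaked.length ? 'credentials-on-cross-origin-report' : 'ok';
  return { verdict, leaked };
}

// Constructed sample requests for a hypothetical collector.
const ENDPOINT = 'https://reports.example/csp';
const report = (documentUri) => JSON.stringify({
  'csp-report': { 'document-uri': documentUri, 'violated-directive': "img-src 'none'" },
});
const SAMPLES = [
  { headers: { Cookie: 'sid=constructed' }, body: report('https://app.example/page') },
  { headers: {}, body: report('https://app.example/page') },
  { headers: { Cookie: 'sid=constructed' }, body: report('https://reports.example/admin') },
  { headers: {}, body: 'not json' },
];

// Verdict for each constructed sample, in order.
function auditAll() {
  return SAMPLES.map((r) => auditReport(ENDPOINT, r).verdict);
}

console.log(auditAll());
```

Only the first sample is flagged: it is the one case where a cross-origin document's report reached the endpoint with a stored credential attached.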
