fischman/gist:2877666

## gistfile1.diff
diff --git a/Source/WebKit/chromium/src/AssociatedURLLoader.cpp b/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
index f1c2aab..e466f4d 100644
--- a/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
+++ b/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
@@ -32,6 +32,7 @@
 #include "AssociatedURLLoader.h"

 #include "CrossOriginAccessControl.h"
+#include "Document.h"
 #include "DocumentThreadableLoader.h"
 #include "DocumentThreadableLoaderClient.h"
 #include "HTTPValidation.h"
@@ -346,8 +347,10 @@ void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebUR
         options.crossOriginRequestPolicy = static_cast<WebCore::CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy);
         options.shouldBufferData = DoNotBufferData;

-        const ResourceRequest& webcoreRequest = newRequest.toResourceRequest();
+        ResourceRequest& webcoreRequest = newRequest.toMutableResourceRequest();
         Document* webcoreDocument = m_frameImpl->frame()->document();
+        if (options.crossOriginRequestPolicy == WebCore::UseAccessControl)
+            updateRequestForAccessControl(webcoreRequest, webcoreDocument->securityOrigin(), options.allowCredentials);
         m_loader = DocumentThreadableLoader::create(webcoreDocument, m_clientAdapter.get(), webcoreRequest, options);
     } else {
         // FIXME: return meaningful error codes.
	diff --git a/Source/WebKit/chromium/src/AssociatedURLLoader.cpp b/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
	index f1c2aab..e466f4d 100644
	--- a/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
	+++ b/Source/WebKit/chromium/src/AssociatedURLLoader.cpp
	@@ -32,6 +32,7 @@
	#include "AssociatedURLLoader.h"

	#include "CrossOriginAccessControl.h"
	+#include "Document.h"
	#include "DocumentThreadableLoader.h"
	#include "DocumentThreadableLoaderClient.h"
	#include "HTTPValidation.h"
	@@ -346,8 +347,10 @@ void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebUR
	options.crossOriginRequestPolicy = static_cast<WebCore::CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy);
	options.shouldBufferData = DoNotBufferData;

	- const ResourceRequest& webcoreRequest = newRequest.toResourceRequest();
	+ ResourceRequest& webcoreRequest = newRequest.toMutableResourceRequest();
	Document* webcoreDocument = m_frameImpl->frame()->document();
	+ if (options.crossOriginRequestPolicy == WebCore::UseAccessControl)
	+ updateRequestForAccessControl(webcoreRequest, webcoreDocument->securityOrigin(), options.allowCredentials);
	m_loader = DocumentThreadableLoader::create(webcoreDocument, m_clientAdapter.get(), webcoreRequest, options);
	} else {
	// FIXME: return meaningful error codes.