Bug 1309358 - P1: Add wildcard to Access-Control-Expose-Headers r=baku

For requests without credentials, add wildcard to Access-Control-Expose-Headers.

Differential Revision: https://phabricator.services.mozilla.com/D36624

dom/xhr/XMLHttpRequestMainThread.cpp

@@ -1029,10 +1029,14 @@ bool XMLHttpRequestMainThread::IsSafeHeader(
     if (!NS_IsValidHTTPToken(token)) {
       return false;
     }
-    if (aHeader.Equals(token, nsCaseInsensitiveCStringComparator())) {
+
+    if (token.EqualsLiteral("*") && !mFlagACwithCredentials) {
+      isSafe = true;
+    } else if (aHeader.Equals(token, nsCaseInsensitiveCStringComparator())) {
       isSafe = true;
     }
   }
+
   return isSafe;
 }