Issue #1975 - Follow-up: Enable Origin header on same-origin by default.

I've used this setting without ill effects for weeks, including visiting
many a cloudflare-backed site. There is no issue there.

modules/libpref/init/all.js

@@ -1496,8 +1496,8 @@ pref("network.http.referer.XOriginTrimmingPolicy", 0);
 pref("network.http.referer.XOriginPolicy", 0);
 
 // Include an origin header on non-GET and non-HEAD requests regardless of CORS
-// 0=never send, 1=send when same-origin only, 2=always send
-pref("network.http.sendOriginHeader", 0);
+// 0=never send, 1=send when same-origin only, 2=always send (careful!)
+pref("network.http.sendOriginHeader", 1);
 
 // Controls whether referrer attributes in <a>, <img>, <area>, <iframe>, and <link> are honoured
 pref("network.http.enablePerElementReferrer", true);