net/http: make CrossOriginProtection zero value work [freeze exception]

[aclements]

In #73626, we overlooked specifying the zero value of the new net/http.CrossOriginProtection type. As implemented, attempting to use the zero value will result in most of its methods panicking with a nil dereference.

We'd like a freeze exception to make the zero value of CrossOriginProtection work just like the value currently returned by NewCrossOriginProtection().

There was some discussion of this when the CL was written, but it focused on whether NewCrossOriginProtection was necessary and concluded that it made certain patterns much nicer to write, but that discussion overlooked that we could also make the zero value work.

[gopherbot]

Change https://go.dev/cl/680396 mentions this issue: net/http: make the zero value of CrossOriginProtection work

[gabyhelp]

Related Code Changes

• net/http: make the zero value of CrossOriginProtection work

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[cherrymui]

Freeze exception LGTM. Addressing issues of new APIs is in the scope of the freeze.