Fix strict secure cookies bugs This fixes a bug where strict secure cookies were showing up in content settings, even though they were not added to the cookie monster. Also adds a browser test to verify. Also fixes a lack of checks for strict secure cookies in HTTP headers. Adds that and adds a unit test to verify. BUG=546820 [email protected] Review URL: https://codereview.chromium.org/1497633002 Cr-Commit-Position: refs/heads/master@{#363392}

commit: 79acedaf8210ce1d944a4826ccc2e0ab90804617 [log] [tgz]
author: jww <[email protected]> Mon Dec 07 01:56:34 2015
committer: Commit bot <[email protected]> Mon Dec 07 01:57:31 2015
tree: 02d954b6f4358ae80764584c93261313644ebdcc
parent: a96c065ed30ea3b0c43682ddc8d3ee18ea2fd416 [diff] [blame]
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 5c4ddd1..bf9f63b 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc

@@ -746,11 +746,17 @@
     CookieOptions options;
     options.set_include_httponly();
     options.set_server_time(response_date_);
+
     if (network_delegate() &&
         network_delegate()->AreExperimentalCookieFeaturesEnabled()) {
       options.set_enforce_prefixes();
     }
 
+    if (network_delegate() &&
+        network_delegate()->AreStrictSecureCookiesEnabled()) {
+      options.set_enforce_strict_secure();
+    }
+
     CookieStore::SetCookiesCallback callback(base::Bind(
         &URLRequestHttpJob::OnCookieSaved, weak_factory_.GetWeakPtr(),
         save_next_cookie_running, callback_pending));
commit	79acedaf8210ce1d944a4826ccc2e0ab90804617	[log] [tgz]
author	jww <[email protected]>	Mon Dec 07 01:56:34 2015
committer	Commit bot <[email protected]>	Mon Dec 07 01:57:31 2015
tree	02d954b6f4358ae80764584c93261313644ebdcc
parent	a96c065ed30ea3b0c43682ddc8d3ee18ea2fd416 [diff] [blame]