SameSite: Strict/Lax behavior.
This patch brings our "SameSite" implementation into line with
https://tools.ietf.org/html/draft-west-first-party-cookies-06 by teaching
CookieOptions about strict and lax request modes, and teaching URLRequestHttpJob
about the registrable-domain behaviors of both.
BUG=459154
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1783813002
Cr-Commit-Position: refs/heads/master@{#382277}
diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc
index a4f99dc..aaecaf9a 100644
--- a/net/cookies/cookie_monster.cc
+++ b/net/cookies/cookie_monster.cc
@@ -1044,7 +1044,8 @@
CookieOptions options;
options.set_include_httponly();
- options.set_include_same_site();
+ options.set_same_site_cookie_mode(
+ CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
if (enforce_strict_secure)
options.set_enforce_strict_secure();
return SetCanonicalCookie(std::move(cc), options);
@@ -1198,7 +1199,8 @@
CookieOptions options;
options.set_include_httponly();
- options.set_include_same_site();
+ options.set_same_site_cookie_mode(
+ CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
// Get the cookies for this host and its domain(s).
std::vector<CanonicalCookie*> cookies;
FindCookiesForHostAndDomain(url, options, &cookies);
@@ -2327,7 +2329,8 @@
CookieOptions opts;
opts.set_include_httponly();
- opts.set_include_same_site();
+ opts.set_same_site_cookie_mode(
+ CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
// Note that the callbacks in hook_map_ are wrapped with RunAsync(), so they
// are guaranteed to not take long - they just post a RunAsync task back to
// the appropriate thread's message loop and return.
