Teach URLRequest about initiator checks for First-Party-Only cookies.

net/url_request/url_request_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "build/build_config.h"
 
 #if defined(OS_WIN)
 #include <windows.h>
@@ skipping 2632 matching lines @@
 
     EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
     EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
   }
 }
 
 TEST_F(URLRequestTest, FirstPartyOnlyCookiesEnabled) {
   LocalHttpTestServer test_server;
   ASSERT_TRUE(test_server.Start());
 
+  TestNetworkDelegate network_delegate;
+  network_delegate.set_experimental_cookie_features_enabled(true);
+  default_context_.set_network_delegate(&network_delegate);
+
   // Set up a 'First-Party-Only' cookie (on '127.0.0.1', as that's where
   // LocalHttpTestServer points).
   {
-    TestNetworkDelegate network_delegate;
-    network_delegate.set_experimental_cookie_features_enabled(true);
-    default_context_.set_network_delegate(&network_delegate);
-
     TestDelegate d;
     scoped_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL(
             "/set-cookie?FirstPartyCookieToSet=1;First-Party-Only"),
         DEFAULT_PRIORITY, &d));
     req->Start();
     base::RunLoop().Run();
     EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
     EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
     EXPECT_EQ(1, network_delegate.set_cookie_count());
   }
 
   // Verify that the cookie is sent for first-party requests.
   {
-    TestNetworkDelegate network_delegate;
-    network_delegate.set_experimental_cookie_features_enabled(true);
-    default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
     scoped_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(test_server.GetURL("/"));
+    req->set_initiator(url::Origin(test_server.GetURL("/")));
     req->Start();
     base::RunLoop().Run();
 
     EXPECT_TRUE(d.data_received().find("FirstPartyCookieToSet=1") !=
                 std::string::npos);
     EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
     EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
   }
 
-  // Verify that the cookie is not-sent for non-first-party requests.
+  // Verify that the cookie is not sent for non-first-party requests.
   {
-    TestNetworkDelegate network_delegate;
-    network_delegate.set_experimental_cookie_features_enabled(true);
-    default_context_.set_network_delegate(&network_delegate);
     TestDelegate d;
     scoped_ptr<URLRequest> req(default_context_.CreateRequest(
         test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
     req->set_first_party_for_cookies(GURL("http://third-party.test/"));
+    req->set_initiator(url::Origin(GURL("http://third-party.test/")));
     req->Start();
     base::RunLoop().Run();
 
+    EXPECT_TRUE(d.data_received().find("FirstPartyCookieToSet=1") ==
+                std::string::npos);
+    EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
+    EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
+  }
+
+  // Verify that the cookie is sent for non-first-party initiators when the
+  // method is "safe".
+  {
+    TestDelegate d;
+    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+        test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
+    req->set_first_party_for_cookies(test_server.GetURL("/"));
+    req->set_initiator(url::Origin(GURL("http://third-party.test/")));
+    req->Start();
+    base::RunLoop().Run();
+
+    EXPECT_FALSE(d.data_received().find("FirstPartyCookieToSet=1") ==
+                 std::string::npos);
+    EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
+    EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
+  }
+
+  // Verify that the cookie is not sent for non-first-party initiators when the
+  // method is unsafe (e.g. POST).
+  {
+    TestDelegate d;
+    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
+        test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
+    req->set_first_party_for_cookies(test_server.GetURL("/"));
+    req->set_initiator(url::Origin(GURL("http://third-party.test/")));
+    req->set_method("POST");
+    req->Start();
+    base::RunLoop().Run();
+
     EXPECT_TRUE(d.data_received().find("FirstPartyCookieToSet=1") ==
                 std::string::npos);
     EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
     EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
   }
 }
 
 TEST_F(URLRequestTest, FirstPartyOnlyCookiesDisabled) {
   LocalHttpTestServer test_server;
   ASSERT_TRUE(test_server.Start());
@@ skipping 7056 matching lines @@
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
 
   req->Start();
   req->Cancel();
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status());
   EXPECT_EQ(0, d.received_redirect_count());
 }
 
 }  // namespace net