Teach URLRequest about initiator checks for First-Party-Only cookies.

net/cookies/canonical_cookie_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cookies/canonical_cookie.h"
 
 #include "base/memory/scoped_ptr.h"
 #include "net/cookies/cookie_constants.h"
 #include "net/cookies/cookie_options.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ skipping 66 matching lines @@
       CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options));
   EXPECT_FALSE(cookie.get());
   CookieOptions httponly_options;
   httponly_options.set_include_httponly();
   cookie.reset(CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time,
                                        httponly_options));
   EXPECT_TRUE(cookie->IsHttpOnly());
 
   // Test creating http only cookies.
   CookieOptions first_party_options;
-  first_party_options.set_first_party(url::Origin(url));
+  first_party_options.set_include_first_party_only();
   cookie.reset(CanonicalCookie::Create(url, "A=2; First-Party-Only",
                                        creation_time, httponly_options));
   EXPECT_TRUE(cookie.get());
   EXPECT_TRUE(cookie->IsFirstPartyOnly());
 
   // Test the creating cookies using specific parameter instead of a cookie
   // string.
   cookie.reset(CanonicalCookie::Create(
       url, "A", "2", "www.example.com", "/test", creation_time, base::Time(),
       false, false, false, COOKIE_PRIORITY_DEFAULT));
@@ skipping 242 matching lines @@
 
 TEST(CanonicalCookieTest, IncludeFirstPartyForFirstPartyURL) {
   GURL insecure_url("http://example.test");
   GURL secure_url("https://example.test");
   GURL secure_url_with_path("https://example.test/foo/bar/index.html");
   GURL third_party_url("https://not-example.test");
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
   scoped_ptr<CanonicalCookie> cookie;
 
-  // First-party-only cookies are not inlcuded if a top-level URL is unset.
+  // First-party-only cookies are not included for non-first-party requests,
+  // even if other properties match:
   cookie.reset(CanonicalCookie::Create(secure_url, "A=2; First-Party-Only",
                                        creation_time, options));
   EXPECT_TRUE(cookie->IsFirstPartyOnly());
-  options.set_first_party(url::Origin());
   EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
-
-  // First-party-only cookies are included only if the cookie's origin matches
-  // the
-  // first-party origin.
-  options.set_first_party(url::Origin(secure_url));
-  EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
-  options.set_first_party(url::Origin(insecure_url));
-  EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
-  options.set_first_party(url::Origin(third_party_url));
-  EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
-
-  // "First-Party-Only" doesn't override the 'secure' flag.
   cookie.reset(CanonicalCookie::Create(
       secure_url, "A=2; Secure; First-Party-Only", creation_time, options));
-  options.set_first_party(url::Origin(secure_url));
-  EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
-  EXPECT_FALSE(cookie->IncludeForRequestURL(insecure_url, options));
-  options.set_first_party(url::Origin(insecure_url));
+  EXPECT_TRUE(cookie->IsFirstPartyOnly());
   EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
-  EXPECT_FALSE(cookie->IncludeForRequestURL(insecure_url, options));
-
-  // "First-Party-Only" doesn't override the 'path' flag.
   cookie.reset(CanonicalCookie::Create(secure_url_with_path,
                                        "A=2; First-Party-Only; path=/foo/bar",
                                        creation_time, options));
-  options.set_first_party(url::Origin(secure_url_with_path));
+  EXPECT_TRUE(cookie->IsFirstPartyOnly());
+  EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
+
+  // First-party-only cookies are included for first-party requests:
+  options.set_include_first_party_only();
+  cookie.reset(CanonicalCookie::Create(secure_url, "A=2; First-Party-Only",
+                                       creation_time, options));
+  EXPECT_TRUE(cookie->IsFirstPartyOnly());
+  EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
+  cookie.reset(CanonicalCookie::Create(
+      secure_url, "A=2; Secure; First-Party-Only", creation_time, options));
+  EXPECT_TRUE(cookie->IsFirstPartyOnly());
+  EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
+  cookie.reset(CanonicalCookie::Create(secure_url_with_path,
+                                       "A=2; First-Party-Only; path=/foo/bar",
+                                       creation_time, options));
+  EXPECT_TRUE(cookie->IsFirstPartyOnly());
   EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url_with_path, options));
-  EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
-  options.set_first_party(url::Origin(secure_url));
-  EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url_with_path, options));
-  EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
 }
 
 TEST(CanonicalCookieTest, PartialCompare) {
   GURL url("http://www.example.com");
   base::Time creation_time = base::Time::Now();
   CookieOptions options;
   scoped_ptr<CanonicalCookie> cookie(
       CanonicalCookie::Create(url, "a=b", creation_time, options));
   scoped_ptr<CanonicalCookie> cookie_different_path(
       CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options));
@@ skipping 46 matching lines @@
         else if (b.FullCompare(a))
           EXPECT_FALSE(a.PartialCompare(b));
       };
 
   check_consistency(*cookie, *cookie_different_path);
   check_consistency(*cookie, *cookie_different_value);
   check_consistency(*cookie_different_path, *cookie_different_value);
 }
 
 }  // namespace net