Teach URLRequest about initiator checks for First-Party-Only cookies.

net/url_request/url_request_http_job.cc

Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index bbfee654d48b8018a0b5e4a65e6a688db3d8cd93..b53c3713426173f2d6d600993affe111b7622949 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -659,13 +659,23 @@ void URLRequestHttpJob::DoLoadCookies() {
   CookieOptions options;
   options.set_include_httponly();
 
-  // TODO(mkwst): Drop this `if` once we decide whether or not to ship
-  // first-party cookies: https://crbug.com/459154
-  if (network_delegate() &&
-      network_delegate()->AreExperimentalCookieFeaturesEnabled())
-    options.set_first_party(url::Origin(request_->first_party_for_cookies()));
-  else
+  url::Origin origin(request_->url());
+

[nasko, 2015/10/20 22:36:30]

nit: No need for empty line.

[Mike West, 2015/10/22 13:17:02]

Done.

+  if (origin.IsSameOriginWith(
+          url::Origin(request_->first_party_for_cookies())) &&
+      (request_->is_safe_method() ||
+       origin.IsSameOriginWith(request_->initiator()))) {
+    options.set_include_first_party_only();
+  }
+
+  // TODO(mkwst): If first-party-only cookies aren't enabled, pretend the
+  // request is first-party regardless, in order to include all cookies. Drop
+  // this check once we decide whether or not we're shipping this feature:
+  // https://crbug.com/459154
+  if (!network_delegate() ||
+      !network_delegate()->AreExperimentalCookieFeaturesEnabled()) {
     options.set_include_first_party_only();
+  }
 
   request_->context()->cookie_store()->GetCookiesWithOptionsAsync(
       request_->url(), options, base::Bind(&URLRequestHttpJob::OnCookiesLoaded,