Index: net/url_request/url_request_http_job.cc |
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc |
index bbfee654d48b8018a0b5e4a65e6a688db3d8cd93..b53c3713426173f2d6d600993affe111b7622949 100644 |
--- a/net/url_request/url_request_http_job.cc |
+++ b/net/url_request/url_request_http_job.cc |
@@ -659,13 +659,23 @@ void URLRequestHttpJob::DoLoadCookies() { |
CookieOptions options; |
options.set_include_httponly(); |
- // TODO(mkwst): Drop this `if` once we decide whether or not to ship |
- // first-party cookies: https://crbug.com/459154 |
- if (network_delegate() && |
- network_delegate()->AreExperimentalCookieFeaturesEnabled()) |
- options.set_first_party(url::Origin(request_->first_party_for_cookies())); |
- else |
+ url::Origin origin(request_->url()); |
+ |
nasko
2015/10/20 22:36:30
nit: No need for empty line.
Mike West
2015/10/22 13:17:02
Done.
|
+ if (origin.IsSameOriginWith( |
+ url::Origin(request_->first_party_for_cookies())) && |
+ (request_->is_safe_method() || |
+ origin.IsSameOriginWith(request_->initiator()))) { |
+ options.set_include_first_party_only(); |
+ } |
+ |
+ // TODO(mkwst): If first-party-only cookies aren't enabled, pretend the |
+ // request is first-party regardless, in order to include all cookies. Drop |
+ // this check once we decide whether or not we're shipping this feature: |
+ // https://crbug.com/459154 |
+ if (!network_delegate() || |
+ !network_delegate()->AreExperimentalCookieFeaturesEnabled()) { |
options.set_include_first_party_only(); |
+ } |
request_->context()->cookie_store()->GetCookiesWithOptionsAsync( |
request_->url(), options, base::Bind(&URLRequestHttpJob::OnCookiesLoaded, |