| Index: net/url_request/url_request_http_job.cc
|
| diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
|
| index bbfee654d48b8018a0b5e4a65e6a688db3d8cd93..ed06effc14aafe248c8932318e1d87aa365aa1bd 100644
|
| --- a/net/url_request/url_request_http_job.cc
|
| +++ b/net/url_request/url_request_http_job.cc
|
| @@ -659,13 +659,22 @@ void URLRequestHttpJob::DoLoadCookies() {
|
| CookieOptions options;
|
| options.set_include_httponly();
|
|
|
| - // TODO(mkwst): Drop this `if` once we decide whether or not to ship
|
| - // first-party cookies: https://crbug.com/459154
|
| - if (network_delegate() &&
|
| - network_delegate()->AreExperimentalCookieFeaturesEnabled())
|
| - options.set_first_party(url::Origin(request_->first_party_for_cookies()));
|
| - else
|
| + url::Origin origin(request_->url());
|
| + if (origin.IsSameOriginWith(
|
| + url::Origin(request_->first_party_for_cookies())) &&
|
| + (request_->is_safe_method() ||
|
| + origin.IsSameOriginWith(request_->initiator()))) {
|
| options.set_include_first_party_only();
|
| + }
|
| +
|
| + // TODO(mkwst): If first-party-only cookies aren't enabled, pretend the
|
| + // request is first-party regardless, in order to include all cookies. Drop
|
| + // this check once we decide whether or not we're shipping this feature:
|
| + // https://crbug.com/459154
|
| + if (!network_delegate() ||
|
| + !network_delegate()->AreExperimentalCookieFeaturesEnabled()) {
|
| + options.set_include_first_party_only();
|
| + }
|
|
|
| request_->context()->cookie_store()->GetCookiesWithOptionsAsync(
|
| request_->url(), options, base::Bind(&URLRequestHttpJob::OnCookiesLoaded,
|
|
|
Chromium Code Reviews
Issue 1411813003:
Teach URLRequest about initiator checks for First-Party-Only cookies. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master