Index: net/url_request/url_request_http_job.cc |
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc |
index ccc38d544ead9009417fdda7e4b7595c53defc7e..d16d78f5f1e9fe0bc52ec72497af56db890d8d9a 100644 |
--- a/net/url_request/url_request_http_job.cc |
+++ b/net/url_request/url_request_http_job.cc |
@@ -26,6 +26,7 @@ |
#include "net/base/net_errors.h" |
#include "net/base/network_delegate.h" |
#include "net/base/network_quality_estimator.h" |
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
#include "net/base/sdch_manager.h" |
#include "net/base/sdch_net_log_params.h" |
#include "net/base/url_util.h" |
@@ -730,14 +731,21 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() { |
// once we decide whether or not we're shipping this feature: |
// https://crbug.com/459154 |
url::Origin requested_origin(request_->url()); |
+ url::Origin site_for_cookies(request_->first_party_for_cookies()); |
+ |
if (!network_delegate() || |
!network_delegate()->AreExperimentalCookieFeaturesEnabled()) { |
- options.set_include_same_site(); |
- } else if (requested_origin.IsSameOriginWith( |
- url::Origin(request_->first_party_for_cookies())) && |
- (IsMethodSafe(request_->method()) || |
- requested_origin.IsSameOriginWith(request_->initiator()))) { |
- options.set_include_same_site(); |
+ options.set_include_same_site(CookieSameSite::STRICT_MODE); |
+ } else if (registry_controlled_domains::SameDomainOrHost( |
+ requested_origin, site_for_cookies, |
+ registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) { |
+ if (registry_controlled_domains::SameDomainOrHost( |
+ requested_origin, request_->initiator(), |
+ registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) { |
+ options.set_include_same_site(CookieSameSite::STRICT_MODE); |
+ } else if (IsMethodSafe(request_->method())) { |
+ options.set_include_same_site(CookieSameSite::LAX_MODE); |
+ } |
Mike West
2016/03/14 15:24:10
This is the core of the change.
|
} |
cookie_store->GetCookieListWithOptionsAsync( |