Index: net/cookies/canonical_cookie.cc |
diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc |
index 5647a22052b385efb283444ea0f583ae91d59ba0..b244382c55311ed0cf1235db7aeda916fab74edc 100644 |
--- a/net/cookies/canonical_cookie.cc |
+++ b/net/cookies/canonical_cookie.cc |
@@ -422,12 +422,13 @@ bool CanonicalCookie::IncludeForRequestURL(const GURL& url, |
if (!IsOnPath(url.path())) |
return false; |
// Don't include same-site cookies for cross-site requests. |
- // |
- // TODO(mkwst): This currently treats both "strict" and "lax" SameSite cookies |
- // in the same way. https://codereview.chromium.org/1783813002 will eventually |
- // distinguish between them based on attributes of the request. |
- if (SameSite() != CookieSameSite::NO_RESTRICTION && |
- !options.include_same_site()) { |
+ if (SameSite() == CookieSameSite::STRICT_MODE && |
mmenke
2016/03/17 19:15:56
Suggest a switch statement, just to make clear how
Mike West
2016/03/18 14:27:17
I've turned this into a switch, but I'm not actual
mmenke
2016/03/18 15:58:12
I think it's marginally better, but not really a h
|
+ options.same_site_mode() != |
+ CookieOptions::SameSiteMode::INCLUDE_STRICT_AND_LAX) { |
+ return false; |
+ } |
+ if (SameSite() == CookieSameSite::LAX_MODE && |
+ options.same_site_mode() == CookieOptions::SameSiteMode::DO_NOT_INCLUDE) { |
return false; |
} |