SameSite: Strict/Lax behavior.

net/cookies/canonical_cookie.cc

Index: net/cookies/canonical_cookie.cc
diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc
index 5647a22052b385efb283444ea0f583ae91d59ba0..b244382c55311ed0cf1235db7aeda916fab74edc 100644
--- a/net/cookies/canonical_cookie.cc
+++ b/net/cookies/canonical_cookie.cc
@@ -422,12 +422,13 @@ bool CanonicalCookie::IncludeForRequestURL(const GURL& url,
   if (!IsOnPath(url.path()))
     return false;
   // Don't include same-site cookies for cross-site requests.
-  //
-  // TODO(mkwst): This currently treats both "strict" and "lax" SameSite cookies
-  // in the same way. https://codereview.chromium.org/1783813002 will eventually
-  // distinguish between them based on attributes of the request.
-  if (SameSite() != CookieSameSite::NO_RESTRICTION &&
-      !options.include_same_site()) {
+  if (SameSite() == CookieSameSite::STRICT_MODE &&

[mmenke, 2016/03/17 19:15:56]

Suggest a switch statement, just to make clear how these are related to each
other.

[Mike West, 2016/03/18 14:27:17]

I've turned this into a switch, but I'm not actually sure it's any clearer...
WDYT?

[mmenke, 2016/03/18 15:58:12]

I think it's marginally better, but not really a huge improvement.  IF you
disagree, feel free to revert.

+      options.same_site_mode() !=
+          CookieOptions::SameSiteMode::INCLUDE_STRICT_AND_LAX) {
+    return false;
+  }
+  if (SameSite() == CookieSameSite::LAX_MODE &&
+      options.same_site_mode() == CookieOptions::SameSiteMode::DO_NOT_INCLUDE) {
     return false;
   }