Fix Mirror header on Drive domains.

components/signin/core/browser/signin_header_helper.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/signin/core/browser/signin_header_helper.h"
 
 #include <stddef.h>
 
 #include "base/macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "build/build_config.h"
 #include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/google/core/browser/google_util.h"
 #include "components/signin/core/common/profile_management_switches.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/base/escape.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/http/http_response_headers.h"
 #include "net/url_request/url_request.h"
 #include "url/gurl.h"
 
 namespace {
 
 // Dictionary of fields in a mirror response header.
 typedef std::map<std::string, std::string> MirrorResponseHeaderDictionary;
 
 const char kChromeManageAccountsHeader[] = "X-Chrome-Manage-Accounts";
@@ skipping 11 matching lines @@
     return false;
 
   const GURL kGoogleDriveURL("https://drive.google.com");
   const GURL kGoogleDocsURL("https://docs.google.com");
   return url == kGoogleDriveURL || url == kGoogleDocsURL;
 }
 
 bool IsUrlEligibleToIncludeGaiaId(const GURL& url, bool is_header_request) {
   if (is_header_request) {
     // GAIA Id is only necessary for Drive. Don't set it otherwise.
-    return IsDriveOrigin(url);
+    return IsDriveOrigin(url.GetOrigin());
   }
 
   // Cookie requests don't have the granularity to only include the GAIA Id for
   // Drive origin. Set it on all google.com instead.
   if (!url.SchemeIsCryptographic())
     return false;
 
-  const GURL kGoogleDotComURL("https://google.com");
-  return url == kGoogleDotComURL;
+  const std::string kGoogleDomain = "google.com";
+  std::string domain = net::registry_controlled_domains::GetDomainAndRegistry(
+      url, net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);
+  return domain == kGoogleDomain;
 }
 
 // Determines the service type that has been passed from GAIA in the header.
 signin::GAIAServiceType GetGAIAServiceTypeFromHeader(
     const std::string& header_value) {
   if (header_value == "SIGNOUT")
     return signin::GAIA_SERVICE_TYPE_SIGNOUT;
   else if (header_value == "INCOGNITO")
     return signin::GAIA_SERVICE_TYPE_INCOGNITO;
   else if (header_value == "ADDSESSION")
@@ skipping 42 matching lines @@
   if (!signin::SettingsAllowSigninCookies(cookie_settings)) {
     return std::string();
   }
 
   // Check if url is elligible for the header.
   if (!signin::IsUrlEligibleForXChromeConnectedHeader(url))
     return std::string();
 
   std::vector<std::string> parts;
   if (IsUrlEligibleToIncludeGaiaId(url, is_header_request)) {
-    // Only google.com requires the GAIA ID, don't send it to other domains.
+    // Only set the GAIA Id on domains that actually requires it.
     parts.push_back(
         base::StringPrintf("%s=%s", kGaiaIdAttrName, account_id.c_str()));
   }
   parts.push_back(
       base::StringPrintf("%s=%s", kProfileModeAttrName,
                          base::IntToString(profile_mode_mask).c_str()));
   parts.push_back(base::StringPrintf(
       "%s=%s", kEnableAccountConsistencyAttrName,
       switches::IsEnableAccountConsistency() ? "true" : "false"));
 
@@ skipping 107 matching lines @@
       !response_headers->GetNormalizedHeader(
           kChromeManageAccountsHeader, &header_value)) {
     return empty_params;
   }
 
   DCHECK(switches::IsEnableAccountConsistency() && !is_off_the_record);
   return BuildManageAccountsParams(header_value);
 }
 
 // Checks if the url has the required properties to have an
-// X-CHROME-CONNECTED header.
+// X-Chrome-Connected header.
 bool IsUrlEligibleForXChromeConnectedHeader(const GURL& url) {
   // Only set the header for Drive and Gaia always, and other Google properties
   // if account consistency is enabled.
   // Vasquette, which is integrated with most Google properties, needs the
   // header to redirect certain user actions to Chrome native UI. Drive and Gaia
   // need the header to tell if the current user is connected. The drive path is
   // a temporary workaround until the more generic chrome.principals API is
   // available.
 
   // Consider the account id sensitive and limit it to secure domains.
   if (!url.SchemeIsCryptographic())
     return false;
 
   GURL origin(url.GetOrigin());
   bool is_enable_account_consistency = switches::IsEnableAccountConsistency();
   bool is_google_url = is_enable_account_consistency &&
                        (google_util::IsGoogleDomainUrl(
                             url, google_util::ALLOW_SUBDOMAIN,
                             google_util::DISALLOW_NON_STANDARD_PORTS) ||
                         google_util::IsYoutubeDomainUrl(
                             url, google_util::ALLOW_SUBDOMAIN,
                             google_util::DISALLOW_NON_STANDARD_PORTS));
   return is_google_url || IsDriveOrigin(origin) ||
          gaia::IsGaiaSignonRealm(origin);
 }
 
 }  // namespace signin