Implements strict secure cookies as the default behavior in //net

net/cookies/canonical_cookie.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Portions of this code based on Mozilla:
 //   (netwerk/cookie/src/nsCookieService.cpp)
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
@@ skipping 177 matching lines @@
   std::string cookie_domain;
   if (!GetCookieDomain(url, parsed_cookie, &cookie_domain)) {
     VLOG(kVlogSetCookies) << "Create() failed to get a cookie domain";
     return nullptr;
   }
 
   // Per 3.2.1 of "Deprecate modification of 'secure' cookies from non-secure
   // origins", if the cookie's "secure-only-flag" is "true" and the requesting
   // URL does not have a secure scheme, the cookie should be thrown away.
   // https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone
-  if (options.enforce_strict_secure() && parsed_cookie.IsSecure() &&
-      !url.SchemeIsCryptographic()) {
+  if (parsed_cookie.IsSecure() && !url.SchemeIsCryptographic()) {
     VLOG(kVlogSetCookies)
         << "Create() is trying to create a secure cookie from an insecure URL";
     return nullptr;
   }
 
   std::string cookie_path = CanonicalCookie::CanonPath(url, parsed_cookie);
   Time server_time(creation_time);
   if (options.has_server_time())
     server_time = options.server_time();
 
@@ skipping 23 matching lines @@
     const GURL& url,
     const std::string& name,
     const std::string& value,
     const std::string& domain,
     const std::string& path,
     const base::Time& creation,
     const base::Time& expiration,
     bool secure,
     bool http_only,
     CookieSameSite same_site,
-    bool enforce_strict_secure,
     CookiePriority priority) {
   // Expect valid attribute tokens and values, as defined by the ParsedCookie
   // logic, otherwise don't create the cookie.
   std::string parsed_name = ParsedCookie::ParseTokenString(name);
   if (parsed_name != name)
     return nullptr;
   std::string parsed_value = ParsedCookie::ParseValueString(value);
   if (parsed_value != value)
     return nullptr;
 
   std::string parsed_domain = ParsedCookie::ParseValueString(domain);
   if (parsed_domain != domain)
     return nullptr;
   std::string cookie_domain;
   if (!cookie_util::GetCookieDomainWithString(url, parsed_domain,
                                                &cookie_domain)) {
     return nullptr;
   }
 
-  if (enforce_strict_secure && secure && !url.SchemeIsCryptographic())
+  if (secure && !url.SchemeIsCryptographic())
     return nullptr;
 
   std::string parsed_path = ParsedCookie::ParseValueString(path);
   if (parsed_path != path)
     return nullptr;
 
   std::string cookie_path = CanonPathWithString(url, parsed_path);
   // Expect that the path was either not specified (empty), or is valid.
   if (!parsed_path.empty() && cookie_path != parsed_path)
     return nullptr;
@@ skipping 249 matching lines @@
   return true;
 }
 
 std::string CanonicalCookie::DomainWithoutDot() const {
   if (domain_.empty() || domain_[0] != '.')
     return domain_;
   return domain_.substr(1);
 }
 
 }  // namespace net