Network traffic annotation added to chrome::BitmapFetcher.

chrome/browser/ui/passwords/account_avatar_fetcher.cc

Index: chrome/browser/ui/passwords/account_avatar_fetcher.cc
diff --git a/chrome/browser/ui/passwords/account_avatar_fetcher.cc b/chrome/browser/ui/passwords/account_avatar_fetcher.cc
index b12c62550f46b6439b15a334ef058efc1cdd6a47..098de657fc06d4e42499b2ea9999848ac9eaa343 100644
--- a/chrome/browser/ui/passwords/account_avatar_fetcher.cc
+++ b/chrome/browser/ui/passwords/account_avatar_fetcher.cc
@@ -5,6 +5,7 @@
 #include "chrome/browser/ui/passwords/account_avatar_fetcher.h"
 
 #include "net/base/load_flags.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "ui/gfx/image/image.h"
 #include "ui/gfx/image/image_skia.h"
 #include "ui/gfx/image/image_skia_operations.h"
@@ -12,18 +13,43 @@
 AccountAvatarFetcher::AccountAvatarFetcher(
     const GURL& url,
     const base::WeakPtr<AccountAvatarFetcherDelegate>& delegate)
-    : fetcher_(url, this), delegate_(delegate) {
+    : delegate_(delegate) {
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("credenential avatar", R"(
+        semantics {
+          sender: "chrome password manager"
+          description:
+            "Every credential saved in Chrome via the Credential Management "
+            "API can have an avatar URL. The URL is essentially provided by "
+            "the site calling the API. The avatar is used in the account "
+            "chooser UI and auto signin toast which appear when a site calls "
+            "navigator.credentials.get(). The avatar is retrieved before "
+            "showing the UI."
+          trigger:
+            "User visits a site that calls navigator.credentials.get(). "
+            "Assuming there are matching credentials in the Chrome password "
+            "store, the avatars are retrieved."
+          destination: WEBSITE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "One can disable saving new credentials in the settings (see "
+            "'Passwords and forms'). There is no setting to disable the API."
+          }

[battre, 2017/02/10 08:52:34]

@vasilii: Don't we have a policy to disable the entire password manager?

[vasilii, 2017/02/10 09:38:01]

"PasswordManagerEnabled" is the policy. However, it disables saving new
credentials. Obviously, without credentials this class will never be
instantiated. However, there is no policy that suppresses the API.

[Ramin Halavati, 2017/02/10 14:40:57]

So I think as that policy stops generating this network request, we can still
add it here. Do you agree?

[vasilii, 2017/02/10 16:29:39]

I agree.

+        })");
+  fetcher_.reset(new chrome::BitmapFetcher(url, this, traffic_annotation));
 }
 
 AccountAvatarFetcher::~AccountAvatarFetcher() = default;
 
 void AccountAvatarFetcher::Start(
     net::URLRequestContextGetter* request_context) {
-  fetcher_.Init(request_context, std::string(),
-                net::URLRequest::NEVER_CLEAR_REFERRER,
-                net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES |
-                net::LOAD_DO_NOT_SEND_AUTH_DATA | net::LOAD_MAYBE_USER_GESTURE);
-  fetcher_.Start();
+  fetcher_->Init(
+      request_context, std::string(), net::URLRequest::NEVER_CLEAR_REFERRER,
+      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES |
+          net::LOAD_DO_NOT_SEND_AUTH_DATA | net::LOAD_MAYBE_USER_GESTURE);

[vasilii, 2017/02/10 09:38:01]

I liked the previous formatting more.

[Ramin Halavati, 2017/02/10 14:40:57]

Sorry, reverted. git cl format had done it behind my back!

+  fetcher_->Start();
 }
 
 void AccountAvatarFetcher::OnFetchComplete(const GURL& /*url*/,