Network traffic annotation added to safe_search_url_checker.

chrome/browser/safe_search_api/safe_search_url_checker.cc

Index: chrome/browser/safe_search_api/safe_search_url_checker.cc
diff --git a/chrome/browser/safe_search_api/safe_search_url_checker.cc b/chrome/browser/safe_search_api/safe_search_url_checker.cc
index 16dda018fcc8324bbc82d50720c0f966a51d859b..2dd64bac0c1c6380513e61ea570592209745e507 100644
--- a/chrome/browser/safe_search_api/safe_search_url_checker.cc
+++ b/chrome/browser/safe_search_api/safe_search_url_checker.cc
@@ -20,6 +20,7 @@
 #include "google_apis/google_api_keys.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context.h"
 #include "url/url_constants.h"
@@ -49,8 +50,32 @@ std::unique_ptr<net::URLFetcher> CreateFetcher(URLFetcherDelegate* delegate,
                                                URLRequestContextGetter* context,
                                                const std::string& api_key,
                                                const GURL& url) {
-  std::unique_ptr<net::URLFetcher> fetcher =
-      URLFetcher::Create(0, GURL(kApiUrl), URLFetcher::POST, delegate);
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("safe_search_api", R"(
+        semantics {
+          sender: "SafeSearch API"
+          description:
+            "Checks whether a given URL (or set of URLs) is considered safe by "
+            "Google SafeSearch."
+          trigger: "..."

[Marc Treib, 2017/03/10 11:39:20]

Oh, this one is still missing.

For child accounts, it's triggered on every navigation (if the parent has
enabled the feature). But this class just implements talking to the API, so it's
really independent. Maybe msramek can comment on other (planned) uses.

Anyway, I'd be concerned about putting too much detail here, as that could
easily get outdated.

[msramek, 2017/03/14 16:13:02]

The other usecase, for which I extracted this code out, is on hold. We can
therefore use Marc's description.

"If the parent enabled this feature for the child account, this is sent for
every navigation."

However, I agree that this could get outdated, and therefore I suggest moving
the annotation a layer above (to the supervised_users/ code).

[Ramin Halavati, 2017/03/15 13:11:59]

Done.

+          data: "URL(s) to be checked."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature is only used in child accounts and cannot be "

[msramek, 2017/03/14 16:13:02]

Shouldn't we mention the SU dashboard then?

[Ramin Halavati, 2017/03/15 13:11:59]

Done.

+            "disabled by settings."
+          chrome_policy {
+            [POLICY_NAME] {

[msramek, 2017/03/14 16:13:02]

Ramin, how do we want to handle these cases?

The relation of parent<->child is very similar to that of admin<->corp user. The
parent can manage certain settings the same way as admin does. So while there's
technically no enterprise policy, there is something very similar.

[Ramin Halavati, 2017/03/15 13:11:59]

As discussed, we will keep it free-form now and if the number of cases like this
decrease, we will add new fields for it.

+              policy_options {mode: MANDATORY/RECOMMENDED/UNSET}
+              [POLICY_NAME]: ... //(value to disable it)
+            }
+          }
+          policy_exception_justification: "..."
+        })");
+  std::unique_ptr<net::URLFetcher> fetcher = URLFetcher::Create(
+      0, GURL(kApiUrl), URLFetcher::POST, delegate, traffic_annotation);
   fetcher->SetUploadData(kDataContentType, BuildRequestData(api_key, url));
   fetcher->SetRequestContext(context);
   fetcher->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |