Remove dangerous CanonicalCookie::Create method.

net/cookies/cookie_store_unittest.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_COOKIES_COOKIE_STORE_UNITTEST_H_
 #define NET_COOKIES_COOKIE_STORE_UNITTEST_H_
 
 #include <set>
 #include <string>
 #include <vector>
@@ skipping 447 matching lines @@
   EXPECT_FALSE(it->IsPersistent());
   // Some CookieStores don't store last access date.
   if (!it->LastAccessDate().is_null())
     EXPECT_EQ(it->CreationDate(), it->LastAccessDate());
   EXPECT_TRUE(it->IsSecure());
   EXPECT_FALSE(it->IsHttpOnly());
 
   EXPECT_TRUE(++it == cookies.end());
 }
 
+// Test enforcement around setting secure cookies.
+TYPED_TEST_P(CookieStoreTest, SetCookieWithDetailsSecureEnforcement) {
+  CookieStore* cs = this->GetCookieStore();
+  GURL http_url(this->http_www_google_.url());
+  std::string http_domain(http_url.host());
+  GURL https_url(this->https_www_google_.url());
+  std::string https_domain(https_url.host());
+
+  // Confirm that setting the secure attribute on an HTTP URL fails, but
+  // the other combinations work.
+  EXPECT_TRUE(this->SetCookieWithDetails(
+      cs, http_url, "A", "B", http_domain, "/", base::Time::Now(), base::Time(),
+      base::Time(), false, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+  EXPECT_FALSE(this->SetCookieWithDetails(
+      cs, http_url, "A", "B", http_domain, "/", base::Time::Now(), base::Time(),
+      base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+  EXPECT_TRUE(this->SetCookieWithDetails(
+      cs, https_url, "A", "B", https_domain, "/", base::Time::Now(),
+      base::Time(), base::Time(), false, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+  EXPECT_TRUE(this->SetCookieWithDetails(
+      cs, https_url, "A", "B", https_domain, "/", base::Time::Now(),
+      base::Time(), base::Time(), true, false, CookieSameSite::NO_RESTRICTION,
+      COOKIE_PRIORITY_DEFAULT));
+}
+
 // The iOS networking stack uses the iOS cookie parser, which we do not
 // control. While it is spec-compliant, that does not match the practical
 // behavior of most UAs in some cases, which we try to replicate. See
 // https://crbug.com/638389 for more information.
 TYPED_TEST_P(CookieStoreTest, EmptyKeyTest) {
 #if !defined(OS_IOS)
   CookieStore* cs = this->GetCookieStore();
 
   GURL url1("http://foo1.bar.com");
   EXPECT_TRUE(this->SetCookie(cs, url1, "foo"));
@@ skipping 938 matching lines @@
   this->MatchCookieLines("A=B; C=D",
                          this->GetCookies(cs, this->http_www_google_.url()));
   // Delete the session cookie.
   this->DeleteSessionCookies(cs);
   // Check that the session cookie has been deleted but not the persistent one.
   EXPECT_EQ("C=D", this->GetCookies(cs, this->http_www_google_.url()));
 }
 
 REGISTER_TYPED_TEST_CASE_P(CookieStoreTest,
                            SetCookieWithDetailsAsync,
+                           SetCookieWithDetailsSecureEnforcement,
                            EmptyKeyTest,
                            DomainTest,
                            DomainWithTrailingDotTest,
                            ValidSubdomainTest,
                            InvalidDomainTest,
                            InvalidDomainSameDomainAndRegistry,
                            DomainWithoutLeadingDotParentDomain,
                            DomainWithoutLeadingDotSameDomain,
                            CaseInsensitiveDomainTest,
                            TestIpAddress,
@@ skipping 20 matching lines @@
                            OverwritePersistentCookie,
                            CookieOrdering,
                            GetAllCookiesAsync,
                            DeleteCookieAsync,
                            DeleteCanonicalCookieAsync,
                            DeleteSessionCookie);
 
 }  // namespace net
 
 #endif  // NET_COOKIES_COOKIE_STORE_UNITTEST_H_