Refactor transmission of security of source and http_only mods in cookie_monster.cc.

net/cookies/cookie_monster.h

Index: net/cookies/cookie_monster.h
diff --git a/net/cookies/cookie_monster.h b/net/cookies/cookie_monster.h
index 1ddbccc16270d77c15132f5c3703d56cc2f564bb..ff63c19f1994a7b561d38a38eeadc424642af9b7 100644
--- a/net/cookies/cookie_monster.h
+++ b/net/cookies/cookie_monster.h
@@ -150,9 +150,9 @@ class NET_EXPORT CookieMonster : public CookieStore {
   ~CookieMonster() override;
 
   // Replaces all the cookies by |list|. This method does not flush the backend.
-  // This method does not support setting secure cookies, which need source
-  // URLs.
-  // TODO(mmenke): This method is only used on iOS. Consider removing it.
+  // TODO(rdsmith, mmenke): Do not use this function; it is deprecated
+  // and should be removed.
+  // See https://codereview.chromium.org/2882063002/#msg64.

[droger, 2017/06/09 12:22:52]

If this function is broken in some way (i.e. does not support secure cookies),
can you say it in the comment?

[Randy Smith (Not in Mondays), 2017/06/09 13:43:34]

It actually isn't, anymore; it's really just doing a "delete all the cookies
that match this list, and insert everything in the list in the store."  I
figured that was what would be assumed from the comment and the name, so I
didn't worry about putting extra information in.

(A possible mis-assumption would be that this function deletes all cookies, not
just the ones that are being overwritten.  If you want, I can clarify that
and/or make it delete all the cookies; just let me know.)

[droger, 2017/06/09 15:17:32]

I just thought (from comments on other CL) that this function was not working
correctly with secure cookies. But if that's not the case, then it's fine like
this.

[droger, 2017/06/09 15:19:25]

Ah, after reading better... actually I fell into this mis-asumption, so it may
be worth clarifying this.

[Randy Smith (Not in Mondays), 2017/06/09 17:41:50]

It used to not work properly with secure cookies, but one of the effects of the
refactor in this CL is that now it does.

[Randy Smith (Not in Mondays), 2017/06/09 17:41:50]

Done.

   void SetAllCookiesAsync(const CookieList& list,
                           const SetCookiesCallback& callback);
 
@@ -514,7 +514,8 @@ class NET_EXPORT CookieMonster : public CookieStore {
                          std::vector<CanonicalCookie*>* cookies);
 
   // Delete any cookies that are equivalent to |ecc| (same path, domain, etc).
-  // |source_url| is the URL that is attempting to set the cookie.
+  // |source_secure| indicates if the source may override existing secure
+  // cookies.
   // If |skip_httponly| is true, httponly cookies will not be deleted.  The
   // return value will be true if |skip_httponly| skipped an httponly cookie or
   // the cookie to delete was Secure and the scheme of |ecc| is insecure.  |key|
@@ -523,15 +524,17 @@ class NET_EXPORT CookieMonster : public CookieStore {
   // NOTE: There should never be more than a single matching equivalent cookie.
   bool DeleteAnyEquivalentCookie(const std::string& key,
                                  const CanonicalCookie& ecc,
-                                 const GURL& source_url,
+                                 bool source_secure,
                                  bool skip_httponly,
                                  bool already_expired);
 
   // Inserts |cc| into cookies_. Returns an iterator that points to the inserted
   // cookie in cookies_. Guarantee: all iterators to cookies_ remain valid.
+  // |secure_source| indicates if the setting of the canonical cookie is
+  // coming from a secure source (e.g. a cryptographically schemed URL).
   CookieMap::iterator InternalInsertCookie(const std::string& key,
                                            std::unique_ptr<CanonicalCookie> cc,
-                                           const GURL& source_url,
+                                           bool source_secure,
                                            bool sync_to_store);
 
   // Helper function that sets cookies with more control.
@@ -542,15 +545,19 @@ class NET_EXPORT CookieMonster : public CookieStore {
                                            const base::Time& creation_time,
                                            const CookieOptions& options);
 
-  // Helper function that sets a canonical cookie, deleting equivalents and
-  // performing garbage collection.
-  // |source_url| is the URL that's attempting to set the cookie.
-  bool SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
-                          const GURL& source_url,
-                          const CookieOptions& options);
-
-  // Helper function calling SetCanonicalCookie() for all cookies in |list|.
-  bool SetCanonicalCookies(const CookieList& list);
+  // Sets a canonical cookie, deletes equivalents and performs garbage
+  // collection.  |source_secure| indicates if the cookie is being set
+  // from a secure source (e.g. a cryptographic scheme).
+  // |modify_http_only| indicates if this setting operation is allowed
+  // to affect http_only cookies.
+  bool SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cookie,
+                          bool secure_source,
+                          bool can_modify_httponly);
+
+  // Sets all cookies from |list| after deleting any equivalent cookie.
+  // For data gathering purposes, this routine is treated as if it is
+  // restoring saved cookies; some statistics are not gathered in this case.
+  bool SetAllCookies(const CookieList& list);
 
   void InternalUpdateCookieAccessTime(CanonicalCookie* cc,
                                       const base::Time& current_time);