Move CookieSettings to //components/content_settings/core/browser.

This CL splits the factory in a separate file and moves the service in
the component.
The class is also moved to the content_settings namespace.

BUG=503973
TBR=jochen

Review URL: https://codereview.chromium.org/1214763002

Cr-Commit-Position: refs/heads/master@{#336745}

5 files changed, 588 insertions, 0 deletions

diff --git a/components/content_settings/core/browser/BUILD.gn b/components/content_settings/core/browser/BUILD.gn
index 5fcff79..1c004f7 100644
--- a/components/content_settings/core/browser/BUILD.gn
+++ b/components/content_settings/core/browser/BUILD.gn
@@ -31,6 +31,8 @@ static_library("browser") {
     "content_settings_usages_state.h",
     "content_settings_utils.cc",
     "content_settings_utils.h",
+    "cookie_settings.cc",
+    "cookie_settings.h",
     "host_content_settings_map.cc",
     "host_content_settings_map.h",
     "local_shared_objects_counter.h",
@@ -59,6 +61,7 @@ source_set("unit_tests") {
     "content_settings_provider_unittest.cc",
     "content_settings_rule_unittest.cc",
     "content_settings_utils_unittest.cc",
+    "cookie_settings_unittest.cc",
     "plugins_field_trial_unittest.cc",
   ]
 
diff --git a/components/content_settings/core/browser/DEPS b/components/content_settings/core/browser/DEPS
index 0bc7443..ee92881 100644
--- a/components/content_settings/core/browser/DEPS
+++ b/components/content_settings/core/browser/DEPS
@@ -1,6 +1,7 @@
 include_rules = [
   "+components/content_settings/core/common",
   "+components/content_settings/core/test",
+  "+components/keyed_service/core",
   "+components/plugins/common",
   "+components/pref_registry",
   "+net/base",
diff --git a/components/content_settings/core/browser/cookie_settings.cc b/components/content_settings/core/browser/cookie_settings.cc
new file mode 100644
index 0000000..94ffb39
--- /dev/null
+++ b/components/content_settings/core/browser/cookie_settings.cc
@@ -0,0 +1,176 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/content_settings/core/browser/cookie_settings.h"
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "base/prefs/pref_service.h"
+#include "components/content_settings/core/browser/content_settings_utils.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
+#include "components/content_settings/core/common/pref_names.h"
+#include "components/pref_registry/pref_registry_syncable.h"
+#include "net/base/net_errors.h"
+#include "net/base/static_cookie_policy.h"
+#include "url/gurl.h"
+
+namespace {
+
+bool IsValidSetting(ContentSetting setting) {
+  return (setting == CONTENT_SETTING_ALLOW ||
+          setting == CONTENT_SETTING_SESSION_ONLY ||
+          setting == CONTENT_SETTING_BLOCK);
+}
+
+bool IsAllowed(ContentSetting setting) {
+  DCHECK(IsValidSetting(setting));
+  return (setting == CONTENT_SETTING_ALLOW ||
+          setting == CONTENT_SETTING_SESSION_ONLY);
+}
+
+}  // namespace
+
+namespace content_settings {
+
+CookieSettings::CookieSettings(
+    HostContentSettingsMap* host_content_settings_map,
+    PrefService* prefs,
+    const char* extension_scheme)
+    : host_content_settings_map_(host_content_settings_map),
+      extension_scheme_(extension_scheme),
+      block_third_party_cookies_(
+          prefs->GetBoolean(prefs::kBlockThirdPartyCookies)) {
+  pref_change_registrar_.Init(prefs);
+  pref_change_registrar_.Add(
+      prefs::kBlockThirdPartyCookies,
+      base::Bind(&CookieSettings::OnBlockThirdPartyCookiesChanged,
+                 base::Unretained(this)));
+}
+
+ContentSetting CookieSettings::GetDefaultCookieSetting(
+    std::string* provider_id) const {
+  return host_content_settings_map_->GetDefaultContentSetting(
+      CONTENT_SETTINGS_TYPE_COOKIES, provider_id);
+}
+
+bool CookieSettings::IsReadingCookieAllowed(const GURL& url,
+                                            const GURL& first_party_url) const {
+  ContentSetting setting = GetCookieSetting(url, first_party_url, false, NULL);
+  return IsAllowed(setting);
+}
+
+bool CookieSettings::IsSettingCookieAllowed(const GURL& url,
+                                            const GURL& first_party_url) const {
+  ContentSetting setting = GetCookieSetting(url, first_party_url, true, NULL);
+  return IsAllowed(setting);
+}
+
+bool CookieSettings::IsCookieSessionOnly(const GURL& origin) const {
+  ContentSetting setting = GetCookieSetting(origin, origin, true, NULL);
+  DCHECK(IsValidSetting(setting));
+  return (setting == CONTENT_SETTING_SESSION_ONLY);
+}
+
+void CookieSettings::GetCookieSettings(
+    ContentSettingsForOneType* settings) const {
+  return host_content_settings_map_->GetSettingsForOneType(
+      CONTENT_SETTINGS_TYPE_COOKIES, std::string(), settings);
+}
+
+void CookieSettings::RegisterProfilePrefs(
+    user_prefs::PrefRegistrySyncable* registry) {
+  registry->RegisterBooleanPref(
+      prefs::kBlockThirdPartyCookies, false,
+      user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+}
+
+void CookieSettings::SetDefaultCookieSetting(ContentSetting setting) {
+  DCHECK(IsValidSetting(setting));
+  host_content_settings_map_->SetDefaultContentSetting(
+      CONTENT_SETTINGS_TYPE_COOKIES, setting);
+}
+
+void CookieSettings::SetCookieSetting(
+    const ContentSettingsPattern& primary_pattern,
+    const ContentSettingsPattern& secondary_pattern,
+    ContentSetting setting) {
+  DCHECK(IsValidSetting(setting));
+  if (setting == CONTENT_SETTING_SESSION_ONLY) {
+    DCHECK(secondary_pattern == ContentSettingsPattern::Wildcard());
+  }
+  host_content_settings_map_->SetContentSetting(
+      primary_pattern, secondary_pattern, CONTENT_SETTINGS_TYPE_COOKIES,
+      std::string(), setting);
+}
+
+void CookieSettings::ResetCookieSetting(
+    const ContentSettingsPattern& primary_pattern,
+    const ContentSettingsPattern& secondary_pattern) {
+  host_content_settings_map_->SetContentSetting(
+      primary_pattern, secondary_pattern, CONTENT_SETTINGS_TYPE_COOKIES,
+      std::string(), CONTENT_SETTING_DEFAULT);
+}
+
+void CookieSettings::ShutdownOnUIThread() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  pref_change_registrar_.RemoveAll();
+}
+
+ContentSetting CookieSettings::GetCookieSetting(const GURL& url,
+                                                const GURL& first_party_url,
+                                                bool setting_cookie,
+                                                SettingSource* source) const {
+  if (HostContentSettingsMap::ShouldAllowAllContent(
+          url, first_party_url, CONTENT_SETTINGS_TYPE_COOKIES))
+    return CONTENT_SETTING_ALLOW;
+
+  // First get any host-specific settings.
+  SettingInfo info;
+  scoped_ptr<base::Value> value = host_content_settings_map_->GetWebsiteSetting(
+      url, first_party_url, CONTENT_SETTINGS_TYPE_COOKIES, std::string(),
+      &info);
+  if (source)
+    *source = info.source;
+
+  // If no explicit exception has been made and third-party cookies are blocked
+  // by default, apply that rule.
+  if (info.primary_pattern.MatchesAllHosts() &&
+      info.secondary_pattern.MatchesAllHosts() &&
+      ShouldBlockThirdPartyCookies() &&
+      !first_party_url.SchemeIs(extension_scheme_)) {
+    net::StaticCookiePolicy policy(
+        net::StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES);
+    int rv;
+    if (setting_cookie)
+      rv = policy.CanSetCookie(url, first_party_url);
+    else
+      rv = policy.CanGetCookies(url, first_party_url);
+    DCHECK_NE(net::ERR_IO_PENDING, rv);
+    if (rv != net::OK)
+      return CONTENT_SETTING_BLOCK;
+  }
+
+  // We should always have a value, at least from the default provider.
+  DCHECK(value.get());
+  return ValueToContentSetting(value.get());
+}
+
+CookieSettings::~CookieSettings() {
+}
+
+void CookieSettings::OnBlockThirdPartyCookiesChanged() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  base::AutoLock auto_lock(lock_);
+  block_third_party_cookies_ = pref_change_registrar_.prefs()->GetBoolean(
+      prefs::kBlockThirdPartyCookies);
+}
+
+bool CookieSettings::ShouldBlockThirdPartyCookies() const {
+  base::AutoLock auto_lock(lock_);
+  return block_third_party_cookies_;
+}
+
+}  // namespace content_settings
diff --git a/components/content_settings/core/browser/cookie_settings.h b/components/content_settings/core/browser/cookie_settings.h
new file mode 100644
index 0000000..063e7e6
--- /dev/null
+++ b/components/content_settings/core/browser/cookie_settings.h
@@ -0,0 +1,133 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_CONTENT_SETTINGS_CORE_BROWSER_COOKIE_SETTINGS_H_
+#define COMPONENTS_CONTENT_SETTINGS_CORE_BROWSER_COOKIE_SETTINGS_H_
+
+#include <string>
+
+#include "base/compiler_specific.h"
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/prefs/pref_change_registrar.h"
+#include "base/synchronization/lock.h"
+#include "base/threading/thread_checker.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "components/content_settings/core/common/content_settings.h"
+#include "components/keyed_service/core/refcounted_keyed_service.h"
+
+class ContentSettingsPattern;
+class GURL;
+class PrefService;
+
+namespace content_settings {
+
+// A frontend to the cookie settings of |HostContentSettingsMap|. Handles
+// cookie-specific logic such as blocking third-party cookies. Written on the UI
+// thread and read on any thread.
+class CookieSettings : public RefcountedKeyedService {
+ public:
+  // Creates a new CookieSettings instance.
+  // The caller is responsible for ensuring that |extension_scheme| is valid for
+  // the whole lifetime of this instance.
+  CookieSettings(HostContentSettingsMap* host_content_settings_map,
+                 PrefService* prefs,
+                 const char* extension_scheme);
+
+  // Returns the default content setting (CONTENT_SETTING_ALLOW,
+  // CONTENT_SETTING_BLOCK, or CONTENT_SETTING_SESSION_ONLY) for cookies. If
+  // |provider_id| is not NULL, the id of the provider which provided the
+  // default setting is assigned to it.
+  //
+  // This may be called on any thread.
+  ContentSetting GetDefaultCookieSetting(std::string* provider_id) const;
+
+  // Returns true if the page identified by (|url|, |first_party_url|) is
+  // allowed to read cookies.
+  //
+  // This may be called on any thread.
+  bool IsReadingCookieAllowed(const GURL& url,
+                              const GURL& first_party_url) const;
+
+  // Returns true if the page identified by (|url|, |first_party_url|) is
+  // allowed to set cookies (permanent or session only).
+  //
+  // This may be called on any thread.
+  bool IsSettingCookieAllowed(const GURL& url,
+                              const GURL& first_party_url) const;
+
+  // Returns true if the cookie set by a page identified by |url| should be
+  // session only. Querying this only makes sense if |IsSettingCookieAllowed|
+  // has returned true.
+  //
+  // This may be called on any thread.
+  bool IsCookieSessionOnly(const GURL& url) const;
+
+  // Returns all patterns with a non-default cookie setting, mapped to their
+  // actual settings, in the precedence order of the setting rules. |settings|
+  // must be a non-NULL outparam.
+  //
+  // This may be called on any thread.
+  void GetCookieSettings(ContentSettingsForOneType* settings) const;
+
+  // Sets the default content setting (CONTENT_SETTING_ALLOW,
+  // CONTENT_SETTING_BLOCK, or CONTENT_SETTING_SESSION_ONLY) for cookies.
+  //
+  // This should only be called on the UI thread.
+  void SetDefaultCookieSetting(ContentSetting setting);
+
+  // Sets the cookie setting for the given patterns.
+  //
+  // This should only be called on the UI thread.
+  void SetCookieSetting(const ContentSettingsPattern& primary_pattern,
+                        const ContentSettingsPattern& secondary_pattern,
+                        ContentSetting setting);
+
+  // Resets the cookie setting for the given patterns.
+  //
+  // This should only be called on the UI thread.
+  void ResetCookieSetting(const ContentSettingsPattern& primary_pattern,
+                          const ContentSettingsPattern& secondary_pattern);
+
+  // Detaches the |CookieSettings| from |PrefService|. This methods needs to be
+  // called before destroying the service. Afterwards, only const methods can be
+  // called.
+  void ShutdownOnUIThread() override;
+
+  // A helper for applying third party cookie blocking rules.
+  ContentSetting GetCookieSetting(
+      const GURL& url,
+      const GURL& first_party_url,
+      bool setting_cookie,
+      content_settings::SettingSource* source) const;
+
+  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
+
+ private:
+  ~CookieSettings() override;
+
+  void OnBlockThirdPartyCookiesChanged();
+
+  // Returns true if the "block third party cookies" preference is set.
+  //
+  // This method may be called on any thread.
+  bool ShouldBlockThirdPartyCookies() const;
+
+  base::ThreadChecker thread_checker_;
+  scoped_refptr<HostContentSettingsMap> host_content_settings_map_;
+  PrefChangeRegistrar pref_change_registrar_;
+  const char* extension_scheme_;  // Weak.
+
+  // Used around accesses to |block_third_party_cookies_| to guarantee thread
+  // safety.
+  mutable base::Lock lock_;
+
+  bool block_third_party_cookies_;
+
+  DISALLOW_COPY_AND_ASSIGN(CookieSettings);
+};
+
+}  // namespace content_settings
+
+#endif  // COMPONENTS_CONTENT_SETTINGS_CORE_BROWSER_COOKIE_SETTINGS_H_
diff --git a/components/content_settings/core/browser/cookie_settings_unittest.cc b/components/content_settings/core/browser/cookie_settings_unittest.cc
new file mode 100644
index 0000000..bbdcbae
--- /dev/null
+++ b/components/content_settings/core/browser/cookie_settings_unittest.cc
@@ -0,0 +1,275 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/content_settings/core/browser/cookie_settings.h"
+
+#include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
+#include "components/content_settings/core/common/pref_names.h"
+#include "components/pref_registry/testing_pref_service_syncable.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+
+namespace content_settings {
+
+namespace {
+
+class CookieSettingsTest : public testing::Test {
+ public:
+  CookieSettingsTest()
+      : kBlockedSite("http://ads.thirdparty.com"),
+        kAllowedSite("http://good.allays.com"),
+        kFirstPartySite("http://cool.things.com"),
+        kBlockedFirstPartySite("http://no.thirdparties.com"),
+        kExtensionURL("chrome-extension://deadbeef"),
+        kHttpsSite("https://example.com"),
+        kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
+    CookieSettings::RegisterProfilePrefs(prefs_.registry());
+    HostContentSettingsMap::RegisterProfilePrefs(prefs_.registry());
+    settings_map_ = new HostContentSettingsMap(&prefs_, false);
+    cookie_settings_ =
+        new CookieSettings(settings_map_.get(), &prefs_, "chrome-extension");
+  }
+
+  ~CookieSettingsTest() override { settings_map_->ShutdownOnUIThread(); }
+
+ protected:
+  user_prefs::TestingPrefServiceSyncable prefs_;
+  scoped_refptr<HostContentSettingsMap> settings_map_;
+  scoped_refptr<CookieSettings> cookie_settings_;
+  const GURL kBlockedSite;
+  const GURL kAllowedSite;
+  const GURL kFirstPartySite;
+  const GURL kBlockedFirstPartySite;
+  const GURL kExtensionURL;
+  const GURL kHttpsSite;
+  ContentSettingsPattern kAllHttpsSitesPattern;
+};
+
+TEST_F(CookieSettingsTest, CookiesBlockSingle) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kBlockedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_BLOCK);
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kBlockedSite));
+}
+
+TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
+  prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
+  EXPECT_FALSE(
+      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
+}
+
+TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
+}
+
+TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kBlockedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_BLOCK);
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_FALSE(
+      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+}
+
+TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kBlockedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_SESSION_ONLY);
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
+
+  prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
+  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
+}
+
+TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kAllowedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_ALLOW);
+  prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
+
+  // Extensions should always be allowed to use cookies.
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kExtensionURL));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kExtensionURL));
+}
+
+TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kAllowedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_ALLOW);
+  prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
+  // As an example for a pattern that matches all hosts but not all origins,
+  // match all HTTPS sites.
+  cookie_settings_->SetCookieSetting(kAllHttpsSitesPattern,
+                                     ContentSettingsPattern::Wildcard(),
+                                     CONTENT_SETTING_ALLOW);
+  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);
+
+  // |kAllowedSite| should be allowed.
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kBlockedSite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kBlockedSite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
+
+  // HTTPS sites should be allowed in a first-party context.
+  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(kHttpsSite, kHttpsSite));
+  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(kHttpsSite, kHttpsSite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
+
+  // HTTP sites should be allowed, but session-only.
+  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
+                                                       kFirstPartySite));
+  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
+                                                       kFirstPartySite));
+  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));
+
+  // Third-party cookies should be blocked.
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kFirstPartySite, kBlockedSite));
+  EXPECT_FALSE(
+      cookie_settings_->IsSettingCookieAllowed(kFirstPartySite, kBlockedSite));
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kHttpsSite, kBlockedSite));
+  EXPECT_FALSE(
+      cookie_settings_->IsSettingCookieAllowed(kHttpsSite, kBlockedSite));
+}
+
+TEST_F(CookieSettingsTest, CookiesBlockEverything) {
+  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
+
+  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
+                                                        kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
+                                                        kFirstPartySite));
+  EXPECT_FALSE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+}
+
+TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
+  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kAllowedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_ALLOW);
+  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
+                                                        kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
+                                                        kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kAllowedSite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kAllowedSite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
+}
+
+TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kAllowedSite),
+      ContentSettingsPattern::FromURL(kFirstPartySite), CONTENT_SETTING_ALLOW);
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kAllowedSite),
+      ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
+      CONTENT_SETTING_BLOCK);
+
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
+
+  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
+      kAllowedSite, kBlockedFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
+      kAllowedSite, kBlockedFirstPartySite));
+
+  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
+
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
+
+  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
+      kAllowedSite, kBlockedFirstPartySite));
+  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
+      kAllowedSite, kBlockedFirstPartySite));
+
+  cookie_settings_->ResetCookieSetting(
+      ContentSettingsPattern::FromURL(kAllowedSite),
+      ContentSettingsPattern::FromURL(kFirstPartySite));
+
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
+  EXPECT_FALSE(
+      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
+}
+
+TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
+  cookie_settings_->SetCookieSetting(
+      ContentSettingsPattern::FromURL(kBlockedSite),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTING_BLOCK);
+
+  // Regular cookie settings also apply to extensions.
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kExtensionURL));
+}
+
+TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
+  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
+
+#if defined(ENABLE_EXTENSIONS)
+  // Extensions can always use cookies (and site data) in their own origin.
+  EXPECT_TRUE(
+      cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL));
+#else
+  // Except if extensions are disabled. Then the extension-specific checks do
+  // not exist and the default setting is to block.
+  EXPECT_FALSE(
+      cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL));
+#endif
+}
+
+TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
+  prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
+
+  // XHRs stemming from extensions are exempt from third-party cookie blocking
+  // rules (as the first party is always the extension's security origin).
+  EXPECT_TRUE(
+      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kExtensionURL));
+}
+
+}  // namespace
+
+}  // namespace content_settings