authormkwst <mkwst@chromium.org>2016-03-21 07:15:24 -0700
committerCommit bot <commit-bot@chromium.org>2016-03-21 14:16:53 +0000
commitf71d0bde417518f99f977a0ecbf480b375cf49ca (patch)
tree3a5f5b5404ed5d9724d07c32570f7e637e45c731 /content/browser/frame_host
parent21138fcaeedd96af402c9715cfecf9a0a9eb9528 (diff)
SameSite: Strict/Lax behavior.
This patch brings our "SameSite" implementation into line with https://tools.ietf.org/html/draft-west-first-party-cookies-06 by teaching CookieOptions about strict and lax request modes, and teaching URLRequestHttpJob about the registrable-domain behaviors of both. BUG=459154 CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation Review URL: https://codereview.chromium.org/1783813002 Cr-Commit-Position: refs/heads/master@{#382277}
Diffstat (limited to 'content/browser/frame_host')
-rw-r--r--content/browser/frame_host/render_frame_message_filter.cc14
-rw-r--r--content/browser/frame_host/render_frame_message_filter_browsertest.cc57
2 files changed, 57 insertions, 14 deletions
diff --git a/content/browser/frame_host/render_frame_message_filter.cc b/content/browser/frame_host/render_frame_message_filter.cc
index 803ce42..6a9613f 100644
--- a/content/browser/frame_host/render_frame_message_filter.cc
+++ b/content/browser/frame_host/render_frame_message_filter.cc
@@ -21,6 +21,7 @@
#include "content/public/common/content_constants.h"
#include "content/public/common/content_switches.h"
#include "gpu/GLES2/gl2extchromium.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/cookies/cookie_options.h"
#include "net/cookies/cookie_store.h"
#include "net/url_request/url_request_context.h"
@@ -394,7 +395,18 @@ void RenderFrameMessageFilter::OnGetCookies(int render_frame_id,
net::URLRequestContext* context = GetRequestContextForURL(url);
net::CookieOptions options;
- options.set_include_same_site();
+ if (net::registry_controlled_domains::SameDomainOrHost(
+ url, first_party_for_cookies,
+ net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
+ // TODO(mkwst): This check ought to further distinguish between frames
+ // initiated in a strict or lax same-site context.
+ options.set_same_site_cookie_mode(
+ net::CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
+ } else {
+ options.set_same_site_cookie_mode(
+ net::CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE);
+ }
+
context->cookie_store()->GetCookieListWithOptionsAsync(
url, options,
base::Bind(&RenderFrameMessageFilter::CheckPolicyForCookies, this,
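Review bot: The new `if` decides between INCLUDE_STRICT_AND_LAX and DO_NOT_INCLUDE by comparing `url` with `first_party_for_cookies`, and both look like arguments of this IPC handler (the signature and the rest of OnGetCookies lie outside the hunk), so the browser process may be basing the decision on renderer-supplied values. If so, a comment should record where they are validated, e.g. `// |url| and |first_party_for_cookies| arrive from the renderer; validated by <name the policy check> before this comparison is trusted.` The comparison also uses a single first-party URL rather than the frame's ancestor chain, so a frame nested under a cross-site intermediate frame would presumably still be treated as same-site. The existing TODO could name that gap alongside the strict/lax distinction.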
diff --git a/content/browser/frame_host/render_frame_message_filter_browsertest.cc b/content/browser/frame_host/render_frame_message_filter_browsertest.cc
index adf9516..1cd3cf0 100644
--- a/content/browser/frame_host/render_frame_message_filter_browsertest.cc
+++ b/content/browser/frame_host/render_frame_message_filter_browsertest.cc
@@ -39,7 +39,14 @@ std::string GetCookieFromJS(RenderFrameHost* frame) {
} // namespace
-using RenderFrameMessageFilterBrowserTest = ContentBrowserTest;
+class RenderFrameMessageFilterBrowserTest : public ContentBrowserTest {
+ protected:
+ void SetUp() override {
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kEnableExperimentalWebPlatformFeatures);
+ ContentBrowserTest::SetUp();
+ }
+};
// Exercises basic cookie operations via javascript, including an http page
// interacting with secure cookies.
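Review bot: The new fixture appends `kEnableExperimentalWebPlatformFeatures` by overriding `SetUp()` and does not say why the switch is needed. Browser tests normally add switches through the command-line hook, `void SetUpCommandLine(base::CommandLine* command_line) override { command_line->AppendSwitch(switches::kEnableExperimentalWebPlatformFeatures); }`, which leaves the base `SetUp()` sequence alone. A comment such as `// SameSite and strict secure-cookie handling appear to be gated on experimental web platform features.` would also tell readers that every test in this fixture now runs with the switch on.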
@@ -80,26 +87,26 @@ IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, Cookies) {
// Non-TLS page writes secure cookie.
EXPECT_TRUE(ExecuteScript(web_contents_http->GetMainFrame(),
"document.cookie = 'A=1; secure;';"));
- EXPECT_EQ("A=1", GetCookieFromJS(web_contents_https->GetMainFrame()));
+ EXPECT_EQ("", GetCookieFromJS(web_contents_https->GetMainFrame()));
EXPECT_EQ("", GetCookieFromJS(web_contents_http->GetMainFrame()));
// TLS page writes not-secure cookie.
EXPECT_TRUE(ExecuteScript(web_contents_http->GetMainFrame(),
"document.cookie = 'B=2';"));
- EXPECT_EQ("A=1; B=2", GetCookieFromJS(web_contents_https->GetMainFrame()));
+ EXPECT_EQ("B=2", GetCookieFromJS(web_contents_https->GetMainFrame()));
EXPECT_EQ("B=2", GetCookieFromJS(web_contents_http->GetMainFrame()));
- // Non-TLS page writes secure cookie.
+ // TLS page writes secure cookie.
EXPECT_TRUE(ExecuteScript(web_contents_https->GetMainFrame(),
"document.cookie = 'C=3;secure;';"));
- EXPECT_EQ("A=1; B=2; C=3",
+ EXPECT_EQ("B=2; C=3",
GetCookieFromJS(web_contents_https->GetMainFrame()));
EXPECT_EQ("B=2", GetCookieFromJS(web_contents_http->GetMainFrame()));
// TLS page writes not-secure cookie.
EXPECT_TRUE(ExecuteScript(web_contents_https->GetMainFrame(),
"document.cookie = 'D=4';"));
- EXPECT_EQ("A=1; B=2; C=3; D=4",
+ EXPECT_EQ("B=2; C=3; D=4",
GetCookieFromJS(web_contents_https->GetMainFrame()));
EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame()));
}
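Review bot: The context comment `// TLS page writes not-secure cookie.` above the `B=2` write is still wrong, because that script runs in `web_contents_http`; the commit corrects the same kind of mistake for `C=3` but leaves this one. It should read `// Non-TLS page writes not-secure cookie.`. The changed expectation `EXPECT_EQ("", ...)` for `A=1` also deserves a comment like `// A secure cookie written by a non-TLS page is rejected (presumably depends on the switch set in the fixture).`, since nothing in the test says why the cookie is no longer stored. The test body starts above the hunk.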
@@ -111,17 +118,41 @@ IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) {
ASSERT_TRUE(embedded_test_server()->Start());
SetupCrossSiteRedirector(embedded_test_server());
- // The server sends a SameSite cookie. The RenderFrameMessageFilter should
- // allow this to be sent to the renderer.
- GURL url = embedded_test_server()->GetURL("/set-cookie?samesite=1;SameSite");
+ // The server sets five cookies on 'a.com' and on 'b.com', then loads a
+ // page that frames both 'a.com' and 'b.com' under 'a.com'.
+ std::string cookies_to_set =
+ "/set-cookie?normal=1"
+ "&strict=1;SameSite=Strict"
+ "&lax=1;SameSite=Lax"
+ "&strict-http=1;SameSite=Strict;httponly"
+ "&lax-http=1;SameSite=Lax;httponly";
+
+ GURL url = embedded_test_server()->GetURL("a.com", cookies_to_set);
+ NavigateToURL(shell(), url);
+ url = embedded_test_server()->GetURL("b.com", cookies_to_set);
+ NavigateToURL(shell(), url);
+ url = embedded_test_server()->GetURL(
+ "a.com", "/cross_site_iframe_factory.html?a(a(),b())");
NavigateToURL(shell(), url);
WebContentsImpl* web_contents =
static_cast<WebContentsImpl*>(shell()->web_contents());
- EXPECT_EQ("http://127.0.0.1/",
- web_contents->GetSiteInstance()->GetSiteURL().spec());
-
- EXPECT_EQ("samesite=1", GetCookieFromJS(web_contents->GetMainFrame()));
+ RenderFrameHost* main_frame = web_contents->GetMainFrame();
+ RenderFrameHost* a_iframe =
+ web_contents->GetFrameTree()->root()->child_at(0)->current_frame_host();
+ RenderFrameHost* b_iframe =
+ web_contents->GetFrameTree()->root()->child_at(1)->current_frame_host();
+
+ // The top-level frame should get both kinds of same-site cookies.
+ EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(main_frame));
+
+ // Same-site cookies will be delievered to the 'a.com' frame, as it is same-
+ // site with its ancestors.
+ EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(a_iframe));
+
+ // Same-site cookies should not be delievered to the 'b.com' frame, as it
+ // isn't same-site with its ancestors.
+ EXPECT_EQ("normal=1", GetCookieFromJS(b_iframe));
}
// The RenderFrameMessageFilter will kill processes when they access the cookies
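Review bot: The new expectations omit `strict-http` and `lax-http` without saying that their absence is the HttpOnly exclusion and not a SameSite effect; a comment above the first `EXPECT_EQ`, such as `// The httponly cookies are never exposed to document.cookie, so they are absent in every frame.`, would make that explicit. The test also covers only `a(a(),b())`, so it does not pin down what an 'a.com' frame nested under 'b.com' receives, even though the comments speak of being same-site with its ancestors. A further navigation to `/cross_site_iframe_factory.html?a(b(a()))` with its own expectation would document that case. The two added comments spell "delivered" as "delievered". The test body begins above the hunk.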