2 files changed, 23 insertions, 2 deletions

diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index 4c2e2c3..3f51f3d 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -64,6 +64,12 @@ uint64 GenerateURLRequestIdentifier() {
   return g_next_url_request_identifier++;
 }
 
+// True once the first URLRequest was started.
+bool g_url_requests_started = false;
+
+// True if cookies are accepted by default.
+bool g_default_can_use_cookies = true;
+
 }  // namespace
 
 URLRequest::ProtocolFactory*
@@ -321,6 +327,12 @@ int URLRequest::GetResponseCode() {
 }
 
 // static
+void URLRequest::SetDefaultCookiePolicyToBlock() {
+  CHECK(!g_url_requests_started);
+  g_default_can_use_cookies = false;
+}
+
+// static
 bool URLRequest::IsHandledProtocol(const std::string& scheme) {
   return URLRequestJobManager::GetInstance()->SupportsScheme(scheme);
 }
@@ -379,6 +391,7 @@ void URLRequest::set_delegate(Delegate* delegate) {
 }
 
 void URLRequest::Start() {
+  g_url_requests_started = true;
   response_info_.request_time = Time::Now();
 
   // Only notify the delegate for the initial request.
@@ -819,7 +832,7 @@ bool URLRequest::CanGetCookies(const CookieList& cookie_list) const {
     return context_->network_delegate()->NotifyReadingCookies(this,
                                                               cookie_list);
   }
-  return false;
+  return g_default_can_use_cookies;
 }
 
 bool URLRequest::CanSetCookie(const std::string& cookie_line,
@@ -830,7 +843,7 @@ bool URLRequest::CanSetCookie(const std::string& cookie_line,
                                                              cookie_line,
                                                              options);
   }
-  return false;
+  return g_default_can_use_cookies;
 }
 
 
diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h
index d73d2fe..e204c6b 100644
--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -291,6 +291,14 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // will not have any more of its methods called.
   virtual ~URLRequest();
 
+  // Changes the default cookie policy from allowing all cookies to blocking all
+  // cookies. Embedders that want to implement a more flexible policy should
+  // change the default to blocking all cookies, and provide a NetworkDelegate
+  // with the URLRequestContext that maintains the CookieStore.
+  // The cookie policy default has to be set before the first URLRequest is
+  // started. Once it was set to block all cookies, it cannot be changed back.
+  static void SetDefaultCookiePolicyToBlock();
+
   // Returns true if the scheme can be handled by URLRequest. False otherwise.
   static bool IsHandledProtocol(const std::string& scheme);