-
Mike West authored
Currently, we're setting the "site for cookies" only by looking at the top-level document. We ought to be verifying that the ancestor frames are same-site before doing so. We do this correctly in Blink (see `Document::SiteForCookies`), but didn't do so when navigating in the browser. This patch addresses the majority of the problem by walking the ancestor chain when processing a NavigationRequest. If all the ancestors are same-site, we set the "site for cookies" to the top-level document's URL. If they aren't all same-site, we set it to an empty URL to ensure that we don't send SameSite cookies. Bug: 833847 Change-Id: Icd77f31fa618fa9f8b59fc3b15e1bed6ee05aabd Reviewed-on: https://chromium-review.googlesource.com/1025772Reviewed-by:
Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#553942}
07fbae50
