-
asvitkine authored
Since external experiment ids are not based on Chrome's low entropy source, they do not have the same guarantees about not identifying a user as Chrome's variations. As such, we should only transmit them for signed in users, whose identity is already known by Google so there's no risk of identifying them through these headers. Note: The signed-in state checking in this CL is only done for web content area requests and not other internal requests, like to the suggestion service, where it treats the state as "not signed in". This is fine to do because variations service ids are still sent, which is what the other call sites are interested in. BUG=672532 TBR=mpearson@chromium.org,mattm@chromium.org,donnd@chromium.org,afakhry@chromium.org Review-Url: https://codereview.chromium.org/2558913003 Cr-Commit-Position: refs/heads/master@{#437959}
9ed7b561
