Add schemeful same-site to SameSite enterprise policy

Determine which cookie context, schemeless vs schemeful, to use based on the LegacySameSiteCookieBehaviorEnabled and LegacySameSiteCookieBehaviorEnabledForDomainList enterprise policies. This functionality may also be triggered if SameSiteByDefaultCookies is disabled. This seems acceptable because it's odd to decrease SameSite protections by disabling SameSiteByDefaultCookies but also want to increase those protections by having Schemeful Same-Site. Also update the documentation for the policies. Bug: 1101037 Change-Id: I6f74f6448147b451bbf8ae5aa0157277dd00639c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2283505Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Lily Chen <chlily@chromium.org> Reviewed-by: Christian Dullweber <dullweber@chromium.org> Commit-Queue: Steven Bingler <bingler@chromium.org> Cr-Commit-Position: refs/heads/master@{#789467}

Add schemeful same-site to SameSite enterprise policy
Determine which cookie context, schemeless vs schemeful, to use based on the LegacySameSiteCookieBehaviorEnabled and LegacySameSiteCookieBehaviorEnabledForDomainList enterprise policies. This functionality may also be triggered if SameSiteByDefaultCookies is disabled. This seems acceptable because it's odd to decrease SameSite protections by disabling SameSiteByDefaultCookies but also want to increase those protections by having Schemeful Same-Site. Also update the documentation for the policies. Bug: 1101037 Change-Id: I6f74f6448147b451bbf8ae5aa0157277dd00639c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2283505Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Lily Chen <chlily@chromium.org> Reviewed-by: Christian Dullweber <dullweber@chromium.org> Commit-Queue: Steven Bingler <bingler@chromium.org> Cr-Commit-Position: refs/heads/master@{#789467}
01b87f99 · Steven Bingler · Commit Bot · 3b02ffb5 · 01b87f99 · 01b87f99
Commit 01b87f99 authored Jul 17, 2020 by Steven Bingler Committed by Commit Bot Jul 17, 2020
5 changed files
--- a/chrome/browser/net/samesite_cookies_policy_browsertest.cc
+++ b/chrome/browser/net/samesite_cookies_policy_browsertest.cc
@@ -26,15 +26,17 @@ const char kURL[] = "http://example.com";
 }  // namespace

 // Test fixture that enables (if param is true) and disables (if param is false)
-// SameSite-by-default and Cookies-without-SameSite-must-be-Secure, to test the
-// policies that override those features, under both conditions.
+// SameSite-by-default, Cookies-without-SameSite-must-be-Secure, and Schemeful
+// Same-Site to test the policies that override those features, under both
+// conditions.
 class SameSiteCookiesPolicyTest : public PolicyTest,
                                  public ::testing::WithParamInterface<bool> {
 public:
  SameSiteCookiesPolicyTest() {
    std::vector<base::Feature> samesite_features = {
        net::features::kSameSiteByDefaultCookies,
-        net::features::kCookiesWithoutSameSiteMustBeSecure};
+        net::features::kCookiesWithoutSameSiteMustBeSecure,
+        net::features::kSchemefulSameSite};
    if (AreSameSiteFeaturesEnabled()) {
      feature_list_.InitWithFeatures(samesite_features /* enabled */, {});
    } else {
@@ -90,6 +92,25 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
                                net::CookieOptions::SameSiteCookieContext(
                                    net::CookieOptions::SameSiteCookieContext::
                                        ContextType::CROSS_SITE)));
+
+  // When Schemeful Same-Site is enabled a context downgrade to an insufficient
+  // context should still be allowed with legacy access. This'll always work if
+  // Schemeful Same-Site is disabled because the schemeless context is Lax
+  // which is sufficient.
+  EXPECT_TRUE(content::SetCookie(
+      profile, url, "samesite-lax=1; SameSite=Lax",
+      net::CookieOptions::SameSiteCookieContext(
+          net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX,
+          net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)));
+  // Similarly when we try to get the cookie.
+  EXPECT_THAT(
+      content::GetCookies(profile, url,
+                          net::CookieOptions::SameSiteCookieContext(
+                              net::CookieOptions::SameSiteCookieContext::
+                                  ContextType::SAME_SITE_LAX,
+                              net::CookieOptions::SameSiteCookieContext::
+                                  ContextType::CROSS_SITE)),
+      testing::HasSubstr("samesite-lax=1"));
 }

 IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
@@ -132,6 +153,48 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
                                net::CookieOptions::SameSiteCookieContext(
                                    net::CookieOptions::SameSiteCookieContext::
                                        ContextType::CROSS_SITE)));
+
+  // When Schemeful Same-Site is enabled a context downgrade to an insufficient
+  // context should always be blocked. If Schemeful Same-Site is disabled then
+  // this shouldn't be blocked.
+  // Similarly when we try to get the cookie.
+  if (AreSameSiteFeaturesEnabled()) {
+    EXPECT_FALSE(
+        content::SetCookie(profile, url, "samesite-lax=1; SameSite=Lax",
+                           net::CookieOptions::SameSiteCookieContext(
+                               net::CookieOptions::SameSiteCookieContext::
+                                   ContextType::SAME_SITE_LAX,
+                               net::CookieOptions::SameSiteCookieContext::
+                                   ContextType::CROSS_SITE)));
+    // We should be able to get the cookie which was previously added.
+    EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url));
+    // But no cookies should be returned for a downgrade to an insufficient
+    // context, since SameSite-by-default is active which requires a minimum of
+    // a Lax context.
+    EXPECT_EQ(
+        "", content::GetCookies(profile, url,
+                                net::CookieOptions::SameSiteCookieContext(
+                                    net::CookieOptions::SameSiteCookieContext::
+                                        ContextType::SAME_SITE_LAX,
+                                    net::CookieOptions::SameSiteCookieContext::
+                                        ContextType::CROSS_SITE)));
+  } else {
+    EXPECT_TRUE(
+        content::SetCookie(profile, url, "samesite-lax=1; SameSite=Lax",
+                           net::CookieOptions::SameSiteCookieContext(
+                               net::CookieOptions::SameSiteCookieContext::
+                                   ContextType::SAME_SITE_LAX,
+                               net::CookieOptions::SameSiteCookieContext::
+                                   ContextType::CROSS_SITE)));
+    EXPECT_THAT(
+        content::GetCookies(profile, url,
+                            net::CookieOptions::SameSiteCookieContext(
+                                net::CookieOptions::SameSiteCookieContext::
+                                    ContextType::SAME_SITE_LAX,
+                                net::CookieOptions::SameSiteCookieContext::
+                                    ContextType::CROSS_SITE)),
+        testing::HasSubstr("samesite-lax=1"));
+  }
 }

 IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
@@ -190,6 +253,25 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
                                net::CookieOptions::SameSiteCookieContext(
                                    net::CookieOptions::SameSiteCookieContext::
                                        ContextType::CROSS_SITE)));
+  // When Schemeful Same-Site is enabled a context downgrade to an insufficient
+  // context should still be allowed with legacy access. This'll always work if
+  // Schemeful Same-Site is disabled because the schemeless context is Lax
+  // which is sufficient.
+  EXPECT_TRUE(content::SetCookie(
+      profile, legacy_allowed_domain_url, "samesite-lax=1; SameSite=Lax",
+      net::CookieOptions::SameSiteCookieContext(
+          net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX,
+          net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)));
+  // Similarly when we try to get the cookie.
+  EXPECT_THAT(
+      content::GetCookies(profile, legacy_allowed_domain_url,
+                          net::CookieOptions::SameSiteCookieContext(
+                              net::CookieOptions::SameSiteCookieContext::
+                                  ContextType::SAME_SITE_LAX,
+                              net::CookieOptions::SameSiteCookieContext::
+                                  ContextType::CROSS_SITE)),
+      testing::HasSubstr("samesite-lax=1"));
+
  // For the domain that is not Legacy by policy, we expect it to work only if
  // the SameSite features are disabled.
  if (AreSameSiteFeaturesEnabled()) {
@@ -205,6 +287,26 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
                                net::CookieOptions::SameSiteCookieContext(
                                    net::CookieOptions::SameSiteCookieContext::
                                        ContextType::CROSS_SITE)));
+    EXPECT_FALSE(content::SetCookie(
+        profile, other_domain_url, "samesite-lax=1; SameSite=Lax",
+        net::CookieOptions::SameSiteCookieContext(
+            net::CookieOptions::SameSiteCookieContext::ContextType::
+                SAME_SITE_LAX,
+            net::CookieOptions::SameSiteCookieContext::ContextType::
+                CROSS_SITE)));
+    // We should be able to get the cookie which was previously added.
+    EXPECT_EQ("samesite-unspecified=1",
+              content::GetCookies(profile, other_domain_url));
+    // But no cookies should be returned for a downgrade to an insufficient
+    // context, since SameSite-by-default is active which requires a minimum of
+    // a Lax context.
+    EXPECT_EQ(
+        "", content::GetCookies(profile, other_domain_url,
+                                net::CookieOptions::SameSiteCookieContext(
+                                    net::CookieOptions::SameSiteCookieContext::
+                                        ContextType::SAME_SITE_LAX,
+                                    net::CookieOptions::SameSiteCookieContext::
+                                        ContextType::CROSS_SITE)));
  } else {
    EXPECT_TRUE(
        content::SetCookie(profile, other_domain_url, "samesite-unspecified=2",
@@ -219,6 +321,22 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
                            net::CookieOptions::SameSiteCookieContext(
                                net::CookieOptions::SameSiteCookieContext::
                                    ContextType::CROSS_SITE)));
+
+    EXPECT_TRUE(content::SetCookie(
+        profile, other_domain_url, "samesite-lax=1; SameSite=Lax",
+        net::CookieOptions::SameSiteCookieContext(
+            net::CookieOptions::SameSiteCookieContext::ContextType::
+                SAME_SITE_LAX,
+            net::CookieOptions::SameSiteCookieContext::ContextType::
+                CROSS_SITE)));
+    EXPECT_THAT(
+        content::GetCookies(profile, other_domain_url,
+                            net::CookieOptions::SameSiteCookieContext(
+                                net::CookieOptions::SameSiteCookieContext::
+                                    ContextType::SAME_SITE_LAX,
+                                net::CookieOptions::SameSiteCookieContext::
+                                    ContextType::CROSS_SITE)),
+        testing::HasSubstr("samesite-lax=1"));
  }
 }


--- a/components/content_settings/core/common/content_settings_types.h
+++ b/components/content_settings/core/common/content_settings_types.h
@@ -149,10 +149,12 @@ enum class ContentSettingsType : int32_t {
  WAKE_LOCK_SCREEN,
  WAKE_LOCK_SYSTEM,

-  // Legacy SameSite cookie behavior. This disables SameSiteByDefaultCookies
-  // and CookiesWithoutSameSiteMustBeSecure, and forces the legacy behavior
-  // where cookies that don't specify SameSite are treated as SameSite=None and
-  // SameSite=None cookies are not required to be Secure.
+  // Legacy SameSite cookie behavior. This disables SameSiteByDefaultCookies,
+  // CookiesWithoutSameSiteMustBeSecure, and SchemefulSameSite, forcing the
+  // legacy behavior wherein cookies that don't specify SameSite are treated as
+  // SameSite=None, SameSite=None cookies are not required to be Secure, and
+  // schemeful same-site is not active.
+  //
  // This will also be used to revert to legacy behavior when future changes
  // in cookie handling are introduced.
  LEGACY_COOKIE_ACCESS,

--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -6172,9 +6172,9 @@
      'id': 623,
      'caption': '''Default legacy <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> cookie behavior setting''',
      'tags': [],
-      'desc': '''Allows you to revert all cookies to legacy <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior. Reverting to legacy behavior causes cookies that don't specify a <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> attribute to be treated as if they were "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>", and removes the requirement for "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>" cookies to carry the "<ph name="ATTRIBUTE_SECURE_NAME">Secure</ph>" attribute. See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.
+      'desc': '''Allows you to revert all cookies to legacy <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior. Reverting to legacy behavior causes cookies that don't specify a <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> attribute to be treated as if they were "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>", removes the requirement for "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>" cookies to carry the "<ph name="ATTRIBUTE_SECURE_NAME">Secure</ph>" attribute, and skips the scheme comparison when evaluating if two sites are same-site. See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.

-          When this policy is not set, the default <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior for cookies that don't specify a <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> attribute will depend on the user's personal configuration for the <ph name="FEATURE_NAME_SAMESITE_BY_DEFAULT_COOKIES">SameSite-by-default</ph> feature, which may be set by a field trial or by enabling or disabling the flag <ph name="FLAG_NAME_SAMESITE_BY_DEFAULT_COOKIES">same-site-by-default-cookies</ph> flag.''',
+          When this policy is not set, the default <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior for cookies will depend on the user's personal configuration for the <ph name="FEATURE_NAME_SAMESITE_BY_DEFAULT_COOKIES">SameSite-by-default</ph> feature, the <ph name="FEATURE_NAME_SAMESITE_NONE_MUST_BE_SECURE">Cookies-without-SameSite-must-be-secure</ph> feature, and the <ph name="FEATURE_NAME_SCHEMEFUL_SAME_SITE">Schemeful Same-Site</ph> feature which may be set by a field trial or by enabling or disabling the <ph name="FLAG_NAME_SAMESITE_BY_DEFAULT_COOKIES">same-site-by-default-cookies</ph> flag, the <ph name="FLAG_NAME_SAMESITE_NONE_MUST_BE_SECURE">cookies-without-same-site-must-be-secure</ph> flag, or the <ph name="FLAG_NAME_SCHEMEFUL_SAME_SITE">schemeful-same-site</ph> flag, respectively.''',
    },
    {
      'name': 'LegacySameSiteCookieBehaviorEnabledForDomainList',
@@ -6197,7 +6197,7 @@
      'id': 624,
      'caption': '''Revert to legacy <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior for cookies on these sites''',
      'tags': [],
-      'desc': '''Cookies set for domains matching these patterns will revert to legacy <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior. Reverting to legacy behavior causes cookies that don't specify a <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> attribute to be treated as if they were "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>", and removes the requirement for "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>" cookies to carry the "<ph name="ATTRIBUTE_SECURE_NAME">Secure</ph>" attribute. See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.
+      'desc': '''Cookies set for domains matching these patterns will revert to legacy <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> behavior. Reverting to legacy behavior causes cookies that don't specify a <ph name="ATTRIBUTE_SAMESITE_NAME">SameSite</ph> attribute to be treated as if they were "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>", removes the requirement for "<ph name="ATTRIBUTE_VALUE_SAMESITE_NONE">SameSite=None</ph>" cookies to carry the "<ph name="ATTRIBUTE_SECURE_NAME">Secure</ph>" attribute, and skips the scheme comparison when evaluating if two sites are same-site. See https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies for full description.

          For cookies on domains not covered by the patterns specified here, or for all cookies if this policy is not set, the global default value will be used either from the <ph name="LEGACY_SAMESITE_COOKIE_BEHAVIOR_ENABLED_POLICY_NAME">LegacySameSiteCookieBehaviorEnabled</ph> policy, if it is set, or the user's personal configuration otherwise.

--- a/net/cookies/canonical_cookie.cc
+++ b/net/cookies/canonical_cookie.cc
@@ -589,6 +589,14 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
  // match the cookie-path.
  if (!IsOnPath(url.path()))
    status.AddExclusionReason(CookieInclusionStatus::EXCLUDE_NOT_ON_PATH);
+
+  // For LEGACY cookies we should always return the schemeless context,
+  // otherwise let GetContextForCookieInclusion() decide.
+  CookieOptions::SameSiteCookieContext::ContextType cookie_inclusion_context =
+      access_semantics == CookieAccessSemantics::LEGACY
+          ? options.same_site_cookie_context().context()
+          : options.same_site_cookie_context().GetContextForCookieInclusion();
+
  // Don't include same-site cookies for cross-site requests.
  CookieEffectiveSameSite effective_same_site =
      GetEffectiveSameSite(access_semantics);
@@ -601,20 +609,19 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
                              CookieEffectiveSameSite::COUNT);
  }
  UMA_HISTOGRAM_ENUMERATION(
-      "Cookie.RequestSameSiteContext",
-      options.same_site_cookie_context().GetContextForCookieInclusion(),
+      "Cookie.RequestSameSiteContext", cookie_inclusion_context,
      CookieOptions::SameSiteCookieContext::ContextType::COUNT);

  switch (effective_same_site) {
    case CookieEffectiveSameSite::STRICT_MODE:
-      if (options.same_site_cookie_context().GetContextForCookieInclusion() <
+      if (cookie_inclusion_context <
          CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT) {
        status.AddExclusionReason(
            CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT);
      }
      break;
    case CookieEffectiveSameSite::LAX_MODE:
-      if (options.same_site_cookie_context().GetContextForCookieInclusion() <
+      if (cookie_inclusion_context <
          CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
        status.AddExclusionReason(
            (SameSite() == CookieSameSite::UNSPECIFIED)
@@ -626,7 +633,7 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
    // TODO(crbug.com/990439): Add a browsertest for this behavior.
    case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE:
      DCHECK(SameSite() == CookieSameSite::UNSPECIFIED);
-      if (options.same_site_cookie_context().GetContextForCookieInclusion() <
+      if (cookie_inclusion_context <
          CookieOptions::SameSiteCookieContext::ContextType::
              SAME_SITE_LAX_METHOD_UNSAFE) {
        // TODO(chlily): Do we need a separate CookieInclusionStatus for this?
@@ -707,16 +714,22 @@ void CanonicalCookie::IsSetPermittedInContext(
    UMA_HISTOGRAM_BOOLEAN("Cookie.SameSiteNoneIsSecure", IsSecure());
  }

+  // For LEGACY cookies we should always return the schemeless context,
+  // otherwise let GetContextForCookieInclusion() decide.
+  CookieOptions::SameSiteCookieContext::ContextType cookie_inclusion_context =
+      access_semantics == CookieAccessSemantics::LEGACY
+          ? options.same_site_cookie_context().context()
+          : options.same_site_cookie_context().GetContextForCookieInclusion();
+
  access_result->effective_same_site = GetEffectiveSameSite(access_semantics);
  DCHECK(access_result->effective_same_site !=
         CookieEffectiveSameSite::UNDEFINED);
-
  switch (access_result->effective_same_site) {
    case CookieEffectiveSameSite::STRICT_MODE:
      // This intentionally checks for `< SAME_SITE_LAX`, as we allow
      // `SameSite=Strict` cookies to be set for top-level navigations that
      // qualify for receipt of `SameSite=Lax` cookies.
-      if (options.same_site_cookie_context().GetContextForCookieInclusion() <
+      if (cookie_inclusion_context <
          CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
        DVLOG(net::cookie_util::kVlogSetCookies)
            << "Trying to set a `SameSite=Strict` cookie from a "
@@ -727,7 +740,7 @@ void CanonicalCookie::IsSetPermittedInContext(
      break;
    case CookieEffectiveSameSite::LAX_MODE:
    case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE:
-      if (options.same_site_cookie_context().GetContextForCookieInclusion() <
+      if (cookie_inclusion_context <
          CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
        if (SameSite() == CookieSameSite::UNSPECIFIED) {
          DVLOG(net::cookie_util::kVlogSetCookies)

--- a/net/cookies/canonical_cookie_unittest.cc
+++ b/net/cookies/canonical_cookie_unittest.cc
@@ -758,9 +758,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
  using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;

  // Test cases that are the same regardless of feature status or access
-  // semantics:
-  // TODO(https://crbug.com/1030938): This test will need to consider
-  // SchemefulSameSite when it is added to CanonicalCookie.
+  // semantics. For Schemeful Same-Site this means that the context downgrade is
+  // a no-op (such as for NO_RESTRICTION cookies) or that there is no downgrade:
  std::vector<IncludeForRequestURLTestCase> common_test_cases = {
      // Strict cookies:
      {"Common=1;SameSite=Strict", CookieSameSite::STRICT_MODE,
@@ -781,104 +780,86 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
       SameSiteCookieContext(
           SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
       CookieInclusionStatus()},
-      // Strict cookies with downgrade:
-      {"Common=5;SameSite=Strict", CookieSameSite::STRICT_MODE,
-       CookieEffectiveSameSite::STRICT_MODE,
-       SameSiteCookieContext(
-           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
-           SameSiteCookieContext::ContextType::SAME_SITE_LAX),
-       CookieInclusionStatus::MakeFromReasonsForTesting(
-           std::vector<CookieInclusionStatus::ExclusionReason>(),
-           {CookieInclusionStatus::WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE})},
-      {"Common=6;SameSite=Strict", CookieSameSite::STRICT_MODE,
-       CookieEffectiveSameSite::STRICT_MODE,
-       SameSiteCookieContext(
-           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
-           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
-       CookieInclusionStatus::MakeFromReasonsForTesting(
-           std::vector<CookieInclusionStatus::ExclusionReason>(),
-           {CookieInclusionStatus::
-                WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})},
-      {"Common=7;SameSite=Strict", CookieSameSite::STRICT_MODE,
-       CookieEffectiveSameSite::STRICT_MODE,
-       SameSiteCookieContext(
-           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
-           SameSiteCookieContext::ContextType::CROSS_SITE),
-       CookieInclusionStatus::MakeFromReasonsForTesting(
-           std::vector<CookieInclusionStatus::ExclusionReason>(),
-           {CookieInclusionStatus::
-                WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})},
      // Lax cookies:
-      {"Common=8;SameSite=Lax", CookieSameSite::LAX_MODE,
+      {"Common=5;SameSite=Lax", CookieSameSite::LAX_MODE,
       CookieEffectiveSameSite::LAX_MODE,
       SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
       CookieInclusionStatus(CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)},
-      {"Common=9;SameSite=Lax", CookieSameSite::LAX_MODE,
+      {"Common=6;SameSite=Lax", CookieSameSite::LAX_MODE,
       CookieEffectiveSameSite::LAX_MODE,
       SameSiteCookieContext(
           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
       CookieInclusionStatus(CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)},
-      {"Common=10;SameSite=Lax", CookieSameSite::LAX_MODE,
+      {"Common=7;SameSite=Lax", CookieSameSite::LAX_MODE,
       CookieEffectiveSameSite::LAX_MODE,
       SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
       CookieInclusionStatus()},
-      {"Common=11;SameSite=Lax", CookieSameSite::LAX_MODE,
+      {"Common=8;SameSite=Lax", CookieSameSite::LAX_MODE,
       CookieEffectiveSameSite::LAX_MODE,
       SameSiteCookieContext(
           SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
       CookieInclusionStatus()},
      // Lax cookies with downgrade:
-      {"Common=12;SameSite=Lax", CookieSameSite::LAX_MODE,
+      {"Common=9;SameSite=Lax", CookieSameSite::LAX_MODE,
       CookieEffectiveSameSite::LAX_MODE,
       SameSiteCookieContext(
           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
           SameSiteCookieContext::ContextType::SAME_SITE_LAX),
       CookieInclusionStatus()},
-      {"Common=13;SameSite=Lax", CookieSameSite::LAX_MODE,
-       CookieEffectiveSameSite::LAX_MODE,
-       SameSiteCookieContext(
-           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
-           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
-       CookieInclusionStatus::MakeFromReasonsForTesting(
-           std::vector<CookieInclusionStatus::ExclusionReason>(),
-           {CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})},
-      {"Common=14;SameSite=Lax", CookieSameSite::LAX_MODE,
-       CookieEffectiveSameSite::LAX_MODE,
-       SameSiteCookieContext(
-           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
-           SameSiteCookieContext::ContextType::CROSS_SITE),
-       CookieInclusionStatus::MakeFromReasonsForTesting(
-           std::vector<CookieInclusionStatus::ExclusionReason>(),
-           {CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})},
-      {"Common=15;SameSite=Lax", CookieSameSite::LAX_MODE,
-       CookieEffectiveSameSite::LAX_MODE,
-       SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX,
-                             SameSiteCookieContext::ContextType::CROSS_SITE),
-       CookieInclusionStatus::MakeFromReasonsForTesting(
-           std::vector<CookieInclusionStatus::ExclusionReason>(),
-           {CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE})},
      // None and Secure cookies:
-      {"Common=16;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+      {"Common=10;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
       CookieEffectiveSameSite::NO_RESTRICTION,
       SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
       CookieInclusionStatus()},
-      {"Common=17;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+      {"Common=11;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
       CookieEffectiveSameSite::NO_RESTRICTION,
       SameSiteCookieContext(
           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
       CookieInclusionStatus()},
-      {"Common=18;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+      {"Common=12;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
       CookieEffectiveSameSite::NO_RESTRICTION,
       SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
       CookieInclusionStatus()},
-      {"Common=19;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+      {"Common=13;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
       CookieEffectiveSameSite::NO_RESTRICTION,
       SameSiteCookieContext(
           SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
-       CookieInclusionStatus()}};
+       CookieInclusionStatus()},
+      // Because NO_RESTRICTION cookies are always sent, the schemeful context
+      // downgrades shouldn't matter.
+      {"Common=14;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+       CookieEffectiveSameSite::NO_RESTRICTION,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX),
+       CookieInclusionStatus()},
+      {"Common=15;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+       CookieEffectiveSameSite::NO_RESTRICTION,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
+       CookieInclusionStatus()},
+      {"Common=16;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+       CookieEffectiveSameSite::NO_RESTRICTION,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus()},
+      {"Common=17;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+       CookieEffectiveSameSite::NO_RESTRICTION,
+       SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX,
+                             SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus()},
+      {"Common=18;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
+       CookieEffectiveSameSite::NO_RESTRICTION,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
+           SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus()},
+  };

  // Test cases where the default is None (either access semantics is LEGACY, or
-  // semantics is UNKNOWN and feature is enabled):
+  // semantics is UNKNOWN and SameSiteByDefaultCookies feature is disabled):
  std::vector<IncludeForRequestURLTestCase> default_none_test_cases = {
      // Unspecified cookies (without SameSite-by-default):
      {"DefaultNone=1", CookieSameSite::UNSPECIFIED,
@@ -907,7 +888,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
       CookieInclusionStatus()}};

  // Test cases where the default is Lax (either access semantics is NONLEGACY,
-  // or access semantics is UNKNOWN and feature is enabled):
+  // or access semantics is UNKNOWN and SameSiteByDefaultCookies feature is
+  // enabled):
  std::vector<IncludeForRequestURLTestCase> default_lax_test_cases = {
      // Unspecified recently-created cookies (with SameSite-by-default):
      {"DefaultLax=1", CookieSameSite::UNSPECIFIED,
@@ -961,30 +943,173 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
       CookieInclusionStatus(), kLongAge},
  };

-  VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::UNKNOWN,
-                                      common_test_cases);
-  VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::UNKNOWN,
-                                      default_lax_test_cases);
-  VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::LEGACY,
-                                      common_test_cases);
-  VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::LEGACY,
-                                      default_none_test_cases);
-  VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::NONLEGACY,
-                                      common_test_cases);
-  VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::NONLEGACY,
-                                      default_lax_test_cases);
-  VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::UNKNOWN,
-                                      common_test_cases);
-  VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::UNKNOWN,
-                                      default_none_test_cases);
-  VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::LEGACY,
-                                      common_test_cases);
-  VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::LEGACY,
-                                      default_none_test_cases);
-  VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::NONLEGACY,
-                                      common_test_cases);
-  VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::NONLEGACY,
-                                      default_lax_test_cases);
+  // Test cases that require LEGACY semantics or Schemeful Same-Site to be
+  // disabled.
+  std::vector<IncludeForRequestURLTestCase> schemeful_disabled_test_cases = {
+      {"LEGACY_Schemeful=1;SameSite=Strict", CookieSameSite::STRICT_MODE,
+       CookieEffectiveSameSite::STRICT_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           std::vector<CookieInclusionStatus::ExclusionReason>(),
+           {CookieInclusionStatus::WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE})},
+      {"LEGACY_Schemeful=2;SameSite=Strict", CookieSameSite::STRICT_MODE,
+       CookieEffectiveSameSite::STRICT_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           std::vector<CookieInclusionStatus::ExclusionReason>(),
+           {CookieInclusionStatus::
+                WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})},
+      {"LEGACY_Schemeful=3;SameSite=Strict", CookieSameSite::STRICT_MODE,
+       CookieEffectiveSameSite::STRICT_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           std::vector<CookieInclusionStatus::ExclusionReason>(),
+           {CookieInclusionStatus::
+                WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})},
+      {"LEGACY_Schemeful=4;SameSite=Lax", CookieSameSite::LAX_MODE,
+       CookieEffectiveSameSite::LAX_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           std::vector<CookieInclusionStatus::ExclusionReason>(),
+           {CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})},
+      {"LEGACY_Schemeful=5;SameSite=Lax", CookieSameSite::LAX_MODE,
+       CookieEffectiveSameSite::LAX_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           std::vector<CookieInclusionStatus::ExclusionReason>(),
+           {CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})},
+      {"LEGACY_Schemeful=6;SameSite=Lax", CookieSameSite::LAX_MODE,
+       CookieEffectiveSameSite::LAX_MODE,
+       SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX,
+                             SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           std::vector<CookieInclusionStatus::ExclusionReason>(),
+           {CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE})},
+  };
+
+  // Test cases that require NONLEGACY or UNKNOWN semantics with Schemeful
+  // Same-Site enabled
+  std::vector<IncludeForRequestURLTestCase> schemeful_enabled_test_cases = {
+      {"NONLEGACY_Schemeful=1;SameSite=Strict", CookieSameSite::STRICT_MODE,
+       CookieEffectiveSameSite::STRICT_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT},
+           {CookieInclusionStatus::WARN_STRICT_LAX_DOWNGRADE_STRICT_SAMESITE})},
+      {"NONLEGACY_Schemeful=2;SameSite=Strict", CookieSameSite::STRICT_MODE,
+       CookieEffectiveSameSite::STRICT_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT},
+           {CookieInclusionStatus::
+                WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})},
+      {"NONLEGACY_Schemeful=3;SameSite=Strict", CookieSameSite::STRICT_MODE,
+       CookieEffectiveSameSite::STRICT_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT},
+           {CookieInclusionStatus::
+                WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE})},
+      {"NONLEGACY_Schemeful=4;SameSite=Lax", CookieSameSite::LAX_MODE,
+       CookieEffectiveSameSite::LAX_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX},
+           {CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})},
+      {"NONLEGACY_Schemeful=5;SameSite=Lax", CookieSameSite::LAX_MODE,
+       CookieEffectiveSameSite::LAX_MODE,
+       SameSiteCookieContext(
+           SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
+           SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX},
+           {CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE})},
+      {"NONLEGACY_Schemeful=6;SameSite=Lax", CookieSameSite::LAX_MODE,
+       CookieEffectiveSameSite::LAX_MODE,
+       SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX,
+                             SameSiteCookieContext::ContextType::CROSS_SITE),
+       CookieInclusionStatus::MakeFromReasonsForTesting(
+           {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX},
+           {CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE})},
+  };
+
+  auto SchemefulIndependentCases = [&]() {
+    // Run the test cases that are independent of Schemeful Same-Site.
+    VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::UNKNOWN,
+                                        common_test_cases);
+    VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::UNKNOWN,
+                                        default_lax_test_cases);
+    VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::LEGACY,
+                                        common_test_cases);
+    VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::LEGACY,
+                                        default_none_test_cases);
+    VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::NONLEGACY,
+                                        common_test_cases);
+    VerifyIncludeForRequestURLTestCases(true, CookieAccessSemantics::NONLEGACY,
+                                        default_lax_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::UNKNOWN,
+                                        common_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::UNKNOWN,
+                                        default_none_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::LEGACY,
+                                        common_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::LEGACY,
+                                        default_none_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::NONLEGACY,
+                                        common_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::NONLEGACY,
+                                        default_lax_test_cases);
+  };
+
+  {
+    // Schemeful Same-Site disabled.
+    base::test::ScopedFeatureList feature_list;
+    feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
+
+    SchemefulIndependentCases();
+
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::LEGACY,
+                                        schemeful_disabled_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::NONLEGACY,
+                                        schemeful_disabled_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::UNKNOWN,
+                                        schemeful_disabled_test_cases);
+  }
+  {
+    // Schemeful Same-Site enabled.
+    base::test::ScopedFeatureList feature_list;
+    feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
+
+    SchemefulIndependentCases();
+
+    // With LEGACY access the cases should act as if schemeful is disabled, even
+    // when it's not.
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::LEGACY,
+                                        schemeful_disabled_test_cases);
+
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::NONLEGACY,
+                                        schemeful_enabled_test_cases);
+    VerifyIncludeForRequestURLTestCases(false, CookieAccessSemantics::UNKNOWN,
+                                        schemeful_enabled_test_cases);
+  }
 }

 // Test that non-SameSite, insecure cookies are excluded if both
@@ -2045,24 +2170,54 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
                    .IsSetPermittedInContext(context_same_site_strict)
                    .status.IsInclude());

-    CookieInclusionStatus status_strict_to_lax =
-        cookie_same_site_unrestricted
-            .IsSetPermittedInContext(context_same_site_strict_to_lax)
-            .status;
-    EXPECT_TRUE(status_strict_to_lax.IsInclude());
-    EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
-    CookieInclusionStatus status_strict_to_cross =
-        cookie_same_site_unrestricted
-            .IsSetPermittedInContext(context_same_site_strict_to_cross)
-            .status;
-    EXPECT_TRUE(status_strict_to_cross.IsInclude());
-    EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
-    CookieInclusionStatus status_lax_to_cross =
-        cookie_same_site_unrestricted
-            .IsSetPermittedInContext(context_same_site_lax_to_cross)
-            .status;
-    EXPECT_TRUE(status_lax_to_cross.IsInclude());
-    EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
+    {
+      // Schemeful Same-Site disabled.
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
+
+      CookieInclusionStatus status_strict_to_lax =
+          cookie_same_site_unrestricted
+              .IsSetPermittedInContext(context_same_site_strict_to_lax)
+              .status;
+      EXPECT_TRUE(status_strict_to_lax.IsInclude());
+      EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
+      CookieInclusionStatus status_strict_to_cross =
+          cookie_same_site_unrestricted
+              .IsSetPermittedInContext(context_same_site_strict_to_cross)
+              .status;
+      EXPECT_TRUE(status_strict_to_cross.IsInclude());
+      EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
+      CookieInclusionStatus status_lax_to_cross =
+          cookie_same_site_unrestricted
+              .IsSetPermittedInContext(context_same_site_lax_to_cross)
+              .status;
+      EXPECT_TRUE(status_lax_to_cross.IsInclude());
+      EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
+    }
+    {
+      // Schemeful Same-Site enabled.
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
+
+      CookieInclusionStatus status_strict_to_lax =
+          cookie_same_site_unrestricted
+              .IsSetPermittedInContext(context_same_site_strict_to_lax)
+              .status;
+      EXPECT_TRUE(status_strict_to_lax.IsInclude());
+      EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
+      CookieInclusionStatus status_strict_to_cross =
+          cookie_same_site_unrestricted
+              .IsSetPermittedInContext(context_same_site_strict_to_cross)
+              .status;
+      EXPECT_TRUE(status_strict_to_cross.IsInclude());
+      EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
+      CookieInclusionStatus status_lax_to_cross =
+          cookie_same_site_unrestricted
+              .IsSetPermittedInContext(context_same_site_lax_to_cross)
+              .status;
+      EXPECT_TRUE(status_lax_to_cross.IsInclude());
+      EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
+    }
  }

  {
@@ -2081,26 +2236,62 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
        cookie_same_site_lax.IsSetPermittedInContext(context_same_site_strict)
            .status.IsInclude());

-    CookieInclusionStatus status_strict_to_lax =
-        cookie_same_site_lax
-            .IsSetPermittedInContext(context_same_site_strict_to_lax)
-            .status;
-    EXPECT_TRUE(status_strict_to_lax.IsInclude());
-    EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
-    CookieInclusionStatus status_strict_to_cross =
-        cookie_same_site_lax
-            .IsSetPermittedInContext(context_same_site_strict_to_cross)
-            .status;
-    EXPECT_TRUE(status_strict_to_cross.IsInclude());
-    EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
-        CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE));
-    CookieInclusionStatus status_lax_to_cross =
-        cookie_same_site_lax
-            .IsSetPermittedInContext(context_same_site_lax_to_cross)
-            .status;
-    EXPECT_TRUE(status_lax_to_cross.IsInclude());
-    EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
-        CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE));
+    {
+      // Schemeful Same-Site disabled.
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
+
+      CookieInclusionStatus status_strict_to_lax =
+          cookie_same_site_lax
+              .IsSetPermittedInContext(context_same_site_strict_to_lax)
+              .status;
+      EXPECT_TRUE(status_strict_to_lax.IsInclude());
+      EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
+      CookieInclusionStatus status_strict_to_cross =
+          cookie_same_site_lax
+              .IsSetPermittedInContext(context_same_site_strict_to_cross)
+              .status;
+      EXPECT_TRUE(status_strict_to_cross.IsInclude());
+      EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE));
+      CookieInclusionStatus status_lax_to_cross =
+          cookie_same_site_lax
+              .IsSetPermittedInContext(context_same_site_lax_to_cross)
+              .status;
+      EXPECT_TRUE(status_lax_to_cross.IsInclude());
+      EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE));
+    }
+    {
+      // Schemeful Same-Site enabled.
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
+
+      CookieInclusionStatus status_strict_to_lax =
+          cookie_same_site_lax
+              .IsSetPermittedInContext(context_same_site_strict_to_lax)
+              .status;
+      EXPECT_TRUE(status_strict_to_lax.IsInclude());
+      EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
+      CookieInclusionStatus status_strict_to_cross =
+          cookie_same_site_lax
+              .IsSetPermittedInContext(context_same_site_strict_to_cross)
+              .status;
+      EXPECT_FALSE(status_strict_to_cross.IsInclude());
+      EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE));
+      EXPECT_TRUE(status_strict_to_cross.HasExclusionReason(
+          CookieInclusionStatus::EXCLUDE_SAMESITE_LAX));
+      CookieInclusionStatus status_lax_to_cross =
+          cookie_same_site_lax
+              .IsSetPermittedInContext(context_same_site_lax_to_cross)
+              .status;
+      EXPECT_FALSE(status_lax_to_cross.IsInclude());
+      EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_LAX_SAMESITE));
+      EXPECT_TRUE(status_strict_to_cross.HasExclusionReason(
+          CookieInclusionStatus::EXCLUDE_SAMESITE_LAX));
+    }
  }

  {
@@ -2122,26 +2313,87 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
                    .IsSetPermittedInContext(context_same_site_strict)
                    .status.IsInclude());

-    CookieInclusionStatus status_strict_to_lax =
-        cookie_same_site_strict
-            .IsSetPermittedInContext(context_same_site_strict_to_lax)
-            .status;
-    EXPECT_TRUE(status_strict_to_lax.IsInclude());
-    EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
-    CookieInclusionStatus status_strict_to_cross =
-        cookie_same_site_strict
-            .IsSetPermittedInContext(context_same_site_strict_to_cross)
-            .status;
-    EXPECT_TRUE(status_strict_to_cross.IsInclude());
-    EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
-        CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE));
-    CookieInclusionStatus status_lax_to_cross =
-        cookie_same_site_strict
-            .IsSetPermittedInContext(context_same_site_lax_to_cross)
-            .status;
-    EXPECT_TRUE(status_lax_to_cross.IsInclude());
-    EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
-        CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE));
+    {
+      // Schemeful Same-Site disabled.
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
+
+      CookieInclusionStatus status_strict_to_lax =
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_lax)
+              .status;
+      EXPECT_TRUE(status_strict_to_lax.IsInclude());
+      EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
+      CookieInclusionStatus status_strict_to_cross =
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_cross)
+              .status;
+      EXPECT_TRUE(status_strict_to_cross.IsInclude());
+      EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE));
+      CookieInclusionStatus status_lax_to_cross =
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_lax_to_cross)
+              .status;
+      EXPECT_TRUE(status_lax_to_cross.IsInclude());
+      EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE));
+    }
+    {
+      // Schemeful Same-Site enabled.
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
+
+      CookieInclusionStatus status_strict_to_lax =
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_lax)
+              .status;
+      EXPECT_TRUE(status_strict_to_lax.IsInclude());
+      EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
+      CookieInclusionStatus status_strict_to_cross =
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_cross)
+              .status;
+      EXPECT_FALSE(status_strict_to_cross.IsInclude());
+      EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE));
+      EXPECT_TRUE(status_strict_to_cross.HasExclusionReason(
+          CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
+      CookieInclusionStatus status_lax_to_cross =
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_lax_to_cross)
+              .status;
+      EXPECT_FALSE(status_lax_to_cross.IsInclude());
+      EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
+          CookieInclusionStatus::WARN_LAX_CROSS_DOWNGRADE_STRICT_SAMESITE));
+      EXPECT_TRUE(status_strict_to_cross.HasExclusionReason(
+          CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
+    }
+
+    // Even with Schemeful Same-Site enabled, cookies semantics could change the
+    // inclusion.
+    {
+      base::test::ScopedFeatureList feature_list;
+      feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
+
+      EXPECT_FALSE(
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_cross,
+                                       CookieAccessSemantics::UNKNOWN)
+              .status.IsInclude());
+      EXPECT_FALSE(
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_cross,
+                                       CookieAccessSemantics::NONLEGACY)
+              .status.IsInclude());
+      // LEGACY semantics should allow cookies which Schemeful Same-Site would
+      // normally block.
+      EXPECT_TRUE(
+          cookie_same_site_strict
+              .IsSetPermittedInContext(context_same_site_strict_to_cross,
+                                       CookieAccessSemantics::LEGACY)
+              .status.IsInclude());
+    }
  }

  // Behavior of UNSPECIFIED depends on an experiment and CookieAccessSemantics.