Switch more instances of LOAD_DO_NOT_* to CredentialMode

This CL is part of a larger project to remove the LOAD_DO_NOT_* privacy
load flags and replace them with the allow_credentials setting. See
https://crbug.com/799935 and
https://docs.google.com/document/d/1ntn9N7Ce2jozvvpWI0XbzJ7lJdwUjJXK07wp7rxrIN4
for the motivation for this change.

network::mojom::CredentialMode::kOmit is equivalent to
LOAD_DO_NOT_{SEND_COOKIES,SAVE_COOKIES,AUTH_DATA}. For features which
did not include LOAD_DO_NOT_SEND_AUTH_DATA, this change has two
implications:

- The request will no longer participate in HTTP auth if the server requests
  it. HTTP auth credentials identify the user, so private requests should
  not send them. Note this only affects server auth, not proxy auth.
  Requests through the network service already deny HTTP auth
  challenges if not attached to a WebContents, so this should be a no-op
  for these features.

- The request will be pooled with sockets used for uncredentialed requests,
  rather than credentialed requests. This is not expected to meaningfully
  change behavior.

TBR=mdjones@chromium.org, wutao@chromium.org

Bug: 799935
Change-Id: I6036193c0be4fa8a177a9cb79b84ca963fe435b8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1893957
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Aga Wronska <agawronska@chromium.org>
Reviewed-by: Rachel Blum <groby@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>
Reviewed-by: Ben Wells <benwells@chromium.org>
Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#714751}

chrome/browser/android/compositor/scene_layer/contextual_search_scene_layer.cc

@@ -215,7 +215,7 @@ void ContextualSearchSceneLayer::FetchThumbnail(
   fetcher_->Init(
       std::string(),
       net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-      net::LOAD_NORMAL);
+      network::mojom::CredentialsMode::kInclude);
   fetcher_->Start(loader_factory);
 }
 

chrome/browser/bitmap_fetcher/bitmap_fetcher.cc

@@ -23,7 +23,7 @@ BitmapFetcher::~BitmapFetcher() {
 
 void BitmapFetcher::Init(const std::string& referrer,
                          net::URLRequest::ReferrerPolicy referrer_policy,
-                         int load_flags) {
+                         network::mojom::CredentialsMode credentials_mode) {
   if (simple_loader_ != NULL)
     return;
 
@@ -31,7 +31,7 @@ void BitmapFetcher::Init(const std::string& referrer,
   resource_request->url = url_;
   resource_request->referrer = GURL(referrer);
   resource_request->referrer_policy = referrer_policy;
-  resource_request->load_flags = load_flags;
+  resource_request->credentials_mode = credentials_mode;
   simple_loader_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                                     traffic_annotation_);
 }

chrome/browser/bitmap_fetcher/bitmap_fetcher.h

@@ -14,6 +14,7 @@
 #include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_request.h"
 #include "services/network/public/cpp/simple_url_loader.h"
+#include "services/network/public/mojom/fetch_api.mojom.h"
 #include "services/network/public/mojom/url_loader_factory.mojom.h"
 #include "url/gurl.h"
 
@@ -33,12 +34,12 @@ class BitmapFetcher : public ImageDecoder::ImageRequest {
   // Initializes internal fetcher.  After this function returns url_fetcher()
   // can be accessed to configure it further (eg. add user data to request).
   // All configuration must be done before Start() is called.
-  // Values for |load_flags| are defined in net/base/load_flags.h.  In general,
-  // |net::LOAD_NORMAL| is appropriate.  Init may be called more than once in
-  // some cases.  If so, subsequent starts will be ignored.
+  // |credentials_mode| determines whether credentials such as cookies should be
+  // sent.  Init may be called more than once in some cases.  If so, subsequent
+  // starts will be ignored.
   void Init(const std::string& referrer,
             net::URLRequest::ReferrerPolicy referrer_policy,
-            int load_flags);
+            network::mojom::CredentialsMode credentials_mode);
 
   // Start fetching the URL with the fetcher. The delegate is notified
   // asynchronously when done.  Start may be called more than once in some

chrome/browser/bitmap_fetcher/bitmap_fetcher_browsertest.cc

@@ -151,7 +151,7 @@ IN_PROC_BROWSER_TEST_F(BitmapFetcherBrowserTest, StartTest) {
   fetcher.Init(
       std::string(),
       net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-      net::LOAD_NORMAL);
+      network::mojom::CredentialsMode::kInclude);
   fetcher.Start(
       content::BrowserContext::GetDefaultStoragePartition(browser()->profile())
           ->GetURLLoaderFactoryForBrowserProcess()
@@ -201,7 +201,7 @@ IN_PROC_BROWSER_TEST_F(BitmapFetcherBrowserTest, OnURLFetchFailureTest) {
   fetcher.Init(
       std::string(),
       net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-      net::LOAD_NORMAL);
+      network::mojom::CredentialsMode::kInclude);
   fetcher.Start(
       content::BrowserContext::GetDefaultStoragePartition(browser()->profile())
           ->GetURLLoaderFactoryForBrowserProcess()
@@ -221,7 +221,7 @@ IN_PROC_BROWSER_TEST_F(BitmapFetcherBrowserTest, HandleImageFailedTest) {
   fetcher.Init(
       std::string(),
       net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-      net::LOAD_NORMAL);
+      network::mojom::CredentialsMode::kInclude);
   fetcher.Start(
       content::BrowserContext::GetDefaultStoragePartition(browser()->profile())
           ->GetURLLoaderFactoryForBrowserProcess()

chrome/browser/bitmap_fetcher/bitmap_fetcher_service.cc

@@ -145,7 +145,7 @@ std::unique_ptr<BitmapFetcher> BitmapFetcherService::CreateFetcher(
   new_fetcher->Init(
       std::string(),
       net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-      net::LOAD_NORMAL);
+      network::mojom::CredentialsMode::kInclude);
   new_fetcher->Start(
       content::BrowserContext::GetDefaultStoragePartition(context_)
           ->GetURLLoaderFactoryForBrowserProcess()

chrome/browser/chromeos/printing/server_printers_fetcher.cc

@@ -148,12 +148,12 @@ class ServerPrintersFetcher::PrivateImplementation
     resource_request->headers.SetHeader(net::HttpRequestHeaders::kContentType,
                                         "application/ipp");
     resource_request->load_flags =
-        net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-        net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES;
+        net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE;
     resource_request->request_body =
         network::ResourceRequestBody::CreateFromBytes(
             reinterpret_cast<char*>(request_frame.data()),
             request_frame.size());
+    resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
     // TODO(pawliczek): create a traffic annotation for printing network traffic
     simple_url_loader_ = network::SimpleURLLoader::Create(
         std::move(resource_request), MISSING_TRAFFIC_ANNOTATION);

chrome/browser/extensions/webstore_install_helper.cc

@@ -81,7 +81,7 @@ void WebstoreInstallHelper::Start(
     icon_fetcher_->Init(
         std::string(),
         net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-        net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES);
+        network::mojom::CredentialsMode::kOmit);
     icon_fetcher_->Start(loader_factory);
   }
 }

chrome/browser/profiles/profile_avatar_downloader.cc

@@ -69,7 +69,7 @@ void ProfileAvatarDownloader::Start() {
     fetcher_->Init(
         std::string(),
         net::URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
-        net::LOAD_NORMAL);
+        network::mojom::CredentialsMode::kInclude);
     fetcher_->Start(loader_factory);
   }
 }

chrome/browser/supervised_user/kids_chrome_management/kids_chrome_management_client.cc

@@ -171,8 +171,7 @@ void KidsChromeManagementClient::ClassifyURL(
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = GURL(kClassifyUrlRequestApiPath);
   resource_request->method = "POST";
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
 
   const net::NetworkTrafficAnnotationTag traffic_annotation =
       net::DefineNetworkTrafficAnnotation(

chrome/browser/ui/ash/assistant/assistant_image_downloader.cc

@@ -61,8 +61,7 @@ class DownloadTask : public BitmapFetcherDelegate {
 
     bitmap_fetcher_->Init(
         /*referrer=*/std::string(), net::URLRequest::NEVER_CLEAR_REFERRER,
-        net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES |
-            net::LOAD_DO_NOT_SEND_AUTH_DATA);
+        network::mojom::CredentialsMode::kOmit);
 
     bitmap_fetcher_->Start(
         content::BrowserContext::GetDefaultStoragePartition(profile)

chrome/browser/ui/passwords/account_avatar_fetcher.cc

@@ -56,8 +56,7 @@ AccountAvatarFetcher::~AccountAvatarFetcher() = default;
 void AccountAvatarFetcher::Start(
     network::mojom::URLLoaderFactory* loader_factory) {
   fetcher_.Init(std::string(), net::URLRequest::NEVER_CLEAR_REFERRER,
-                net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES |
-                    net::LOAD_DO_NOT_SEND_AUTH_DATA);
+                network::mojom::CredentialsMode::kOmit);
   fetcher_.Start(loader_factory);
 }
 

chrome/browser/ui/webui/management_ui_handler.cc

@@ -673,9 +673,8 @@ void ManagementUIHandler::AsyncUpdateLogo() {
   if (!url.empty() && GURL(url) != logo_url_) {
     icon_fetcher_ = std::make_unique<BitmapFetcher>(
         GURL(url), this, GetManagementUICustomerLogoAnnotation());
-    icon_fetcher_->Init(
-        std::string(), net::URLRequest::NEVER_CLEAR_REFERRER,
-        net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES);
+    icon_fetcher_->Init(std::string(), net::URLRequest::NEVER_CLEAR_REFERRER,
+                        network::mojom::CredentialsMode::kOmit);
     auto* profile = Profile::FromWebUI(web_ui());
     icon_fetcher_->Start(
         content::BrowserContext::GetDefaultStoragePartition(profile)

google_apis/gaia/gaia_auth_fetcher.cc

@@ -29,7 +29,6 @@
 #include "google_apis/gaia/oauth2_id_token_decoder.h"
 #include "google_apis/gaia/oauth_multilogin_result.h"
 #include "net/base/escape.h"
-#include "net/base/load_flags.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_status_code.h"
 #include "net/http/http_util.h"
@@ -41,9 +40,6 @@
 
 namespace {
 
-const int kLoadFlagsIgnoreCookies = net::LOAD_DO_NOT_SEND_COOKIES |
-                                    net::LOAD_DO_NOT_SAVE_COOKIES;
-
 const size_t kMaxMessageSize = 1024 * 1024;  // 1MB
 
 constexpr char kBadAuthenticationError[] = "BadAuthentication";
@@ -256,7 +252,7 @@ void GaiaAuthFetcher::CreateAndStartGaiaFetcher(
     const std::string& body,
     const std::string& headers,
     const GURL& gaia_gurl,
-    int load_flags,
+    network::mojom::CredentialsMode credentials_mode,
     const net::NetworkTrafficAnnotationTag& traffic_annotation) {
   DCHECK(!fetch_pending_) << "Tried to fetch two things at once!";
 
@@ -264,7 +260,7 @@ void GaiaAuthFetcher::CreateAndStartGaiaFetcher(
   resource_request->url = gaia_gurl;
   original_url_ = gaia_gurl;
 
-  if (!(load_flags & net::LOAD_DO_NOT_SEND_COOKIES)) {
+  if (credentials_mode != network::mojom::CredentialsMode::kOmit) {
     DCHECK_EQ(GaiaUrls::GetInstance()->gaia_url(), gaia_gurl.GetOrigin())
         << gaia_gurl;
     resource_request->site_for_cookies = GaiaUrls::GetInstance()->gaia_url();
@@ -287,7 +283,7 @@ void GaiaAuthFetcher::CreateAndStartGaiaFetcher(
   // maintain a separation between the user's browsing and Chrome's internal
   // services.  Where such mixing is desired (MergeSession or OAuthLogin), it
   // will be done explicitly.
-  resource_request->load_flags = load_flags;
+  resource_request->credentials_mode = credentials_mode;
 
   url_loader_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                                  traffic_annotation);
@@ -490,7 +486,8 @@ void GaiaAuthFetcher::StartRevokeOAuth2Token(const std::string& auth_token) {
           }
         })");
   CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_revoke_gurl_,
-                            kLoadFlagsIgnoreCookies, traffic_annotation);
+                            network::mojom::CredentialsMode::kOmit,
+                            traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchange(
@@ -534,7 +531,8 @@ void GaiaAuthFetcher::StartAuthCodeForOAuth2TokenExchangeWithDeviceId(
           }
         })");
   CreateAndStartGaiaFetcher(request_body_, std::string(), oauth2_token_gurl_,
-                            kLoadFlagsIgnoreCookies, traffic_annotation);
+                            network::mojom::CredentialsMode::kOmit,
+                            traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) {
@@ -566,7 +564,8 @@ void GaiaAuthFetcher::StartGetUserInfo(const std::string& lsid) {
           }
         })");
   CreateAndStartGaiaFetcher(request_body_, std::string(), get_user_info_gurl_,
-                            kLoadFlagsIgnoreCookies, traffic_annotation);
+                            network::mojom::CredentialsMode::kOmit,
+                            traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token,
@@ -614,9 +613,9 @@ void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token,
             }
           }
         })");
-  CreateAndStartGaiaFetcher(std::string(), std::string(),
-                            merge_session_gurl_.Resolve(query),
-                            net::LOAD_NORMAL, traffic_annotation);
+  CreateAndStartGaiaFetcher(
+      std::string(), std::string(), merge_session_gurl_.Resolve(query),
+      network::mojom::CredentialsMode::kInclude, traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange(
@@ -654,9 +653,9 @@ void GaiaAuthFetcher::StartTokenFetchForUberAuthExchange(
             }
           }
         })");
-  CreateAndStartGaiaFetcher(std::string(), authentication_header,
-                            uberauth_token_gurl_, kLoadFlagsIgnoreCookies,
-                            traffic_annotation);
+  CreateAndStartGaiaFetcher(
+      std::string(), authentication_header, uberauth_token_gurl_,
+      network::mojom::CredentialsMode::kOmit, traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token,
@@ -696,9 +695,9 @@ void GaiaAuthFetcher::StartOAuthLogin(const std::string& access_token,
             }
           }
         })");
-  CreateAndStartGaiaFetcher(request_body_, authentication_header,
-                            oauth_login_gurl_, net::LOAD_NORMAL,
-                            traffic_annotation);
+  CreateAndStartGaiaFetcher(
+      request_body_, authentication_header, oauth_login_gurl_,
+      network::mojom::CredentialsMode::kInclude, traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartListAccounts() {
@@ -731,10 +730,10 @@ void GaiaAuthFetcher::StartListAccounts() {
             }
           }
         })");
-  CreateAndStartGaiaFetcher(" ",  // To force an HTTP POST.
-                            "Origin: https://www.google.com",
-                            list_accounts_gurl_, net::LOAD_NORMAL,
-                            traffic_annotation);
+  CreateAndStartGaiaFetcher(
+      " ",  // To force an HTTP POST.
+      "Origin: https://www.google.com", list_accounts_gurl_,
+      network::mojom::CredentialsMode::kInclude, traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartOAuthMultilogin(
@@ -796,10 +795,10 @@ void GaiaAuthFetcher::StartOAuthMultilogin(
             }
           }
         })");
-  CreateAndStartGaiaFetcher(" ",  // Non-empty to force a POST
-                            authorization_header,
-                            oauth_multilogin_gurl_.Resolve(parameters),
-                            net::LOAD_NORMAL, traffic_annotation);
+  CreateAndStartGaiaFetcher(
+      " ",  // Non-empty to force a POST
+      authorization_header, oauth_multilogin_gurl_.Resolve(parameters),
+      network::mojom::CredentialsMode::kInclude, traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartLogOut() {
@@ -833,7 +832,8 @@ void GaiaAuthFetcher::StartLogOut() {
           }
         })");
   CreateAndStartGaiaFetcher(std::string(), std::string(), logout_gurl_,
-                            net::LOAD_NORMAL, traffic_annotation);
+                            network::mojom::CredentialsMode::kInclude,
+                            traffic_annotation);
 }
 
 void GaiaAuthFetcher::StartGetCheckConnectionInfo() {
@@ -864,9 +864,9 @@ void GaiaAuthFetcher::StartGetCheckConnectionInfo() {
             }
           }
         })");
-  CreateAndStartGaiaFetcher(std::string(), std::string(),
-                            get_check_connection_info_url_,
-                            kLoadFlagsIgnoreCookies, traffic_annotation);
+  CreateAndStartGaiaFetcher(
+      std::string(), std::string(), get_check_connection_info_url_,
+      network::mojom::CredentialsMode::kOmit, traffic_annotation);
 }
 
 // static

google_apis/gaia/gaia_auth_fetcher.h

@@ -19,6 +19,7 @@
 #include "net/base/net_errors.h"
 #include "net/traffic_annotation/network_traffic_annotation.h"
 #include "services/network/public/cpp/http_raw_request_response_info.h"
+#include "services/network/public/mojom/fetch_api.mojom.h"
 #include "url/gurl.h"
 
 // Authenticate a user against the Google Accounts APIs with various
@@ -192,8 +193,8 @@ class GaiaAuthFetcher {
   // used as the body of the POST request sent to GAIA.  Any strings listed in
   // |headers| are added as extra HTTP headers in the request.
   //
-  // |load_flags| are passed to directly to network::SimpleURLLoader::Create()
-  // when creating the SimpleURLLoader.
+  // |credentials_mode| are passed to directly to
+  // network::SimpleURLLoader::Create() when creating the SimpleURLLoader.
   //
   // HasPendingFetch() should return false before calling this method, and will
   // return true afterwards.
@@ -201,7 +202,7 @@ class GaiaAuthFetcher {
       const std::string& body,
       const std::string& headers,
       const GURL& gaia_gurl,
-      int load_flags,
+      network::mojom::CredentialsMode credentials_mode,
       const net::NetworkTrafficAnnotationTag& traffic_annotation);
 
   // Called by OnURLLoadComplete, exposed for ease of testing.

google_apis/gaia/gaia_auth_fetcher_unittest.cc

@@ -24,12 +24,12 @@
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth_multilogin_result.h"
 #include "google_apis/google_api_keys.h"
-#include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_status_code.h"
 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
 #include "services/network/public/cpp/weak_wrapper_shared_url_loader_factory.h"
+#include "services/network/public/mojom/fetch_api.mojom.h"
 #include "services/network/test/test_url_loader_factory.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -198,9 +198,9 @@ class TestGaiaAuthFetcher : public GaiaAuthFetcher {
       const std::string& body,
       const std::string& headers,
       const GURL& gaia_gurl,
-      int load_flags,
+      network::mojom::CredentialsMode credentials_mode,
       const net::NetworkTrafficAnnotationTag& traffic_annotation) {
-    CreateAndStartGaiaFetcher(body, headers, gaia_gurl, load_flags,
+    CreateAndStartGaiaFetcher(body, headers, gaia_gurl, credentials_mode,
                               traffic_annotation);
   }
 
@@ -284,8 +284,8 @@ TEST_F(GaiaAuthFetcherTest, StartAuthCodeForOAuth2TokenExchange_Success) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.StartAuthCodeForOAuth2TokenExchange("auth_code");
   ASSERT_EQ(received_requests_.size(), 1U);
-  EXPECT_EQ(net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES,
-            received_requests_.at(0).load_flags);
+  EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+            received_requests_.at(0).credentials_mode);
   std::string body = GetRequestBodyAsString(&received_requests_.at(0));
   EXPECT_EQ(std::string::npos, body.find("device_type=chrome"));
   EXPECT_TRUE(auth.HasPendingFetch());
@@ -303,8 +303,8 @@ TEST_F(GaiaAuthFetcherTest, StartAuthCodeForOAuth2TokenExchange_DeviceId) {
                                                        "device_ABCDE_1");
 
   ASSERT_EQ(1U, received_requests_.size());
-  EXPECT_EQ(net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES,
-            received_requests_.at(0).load_flags);
+  EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+            received_requests_.at(0).credentials_mode);
   std::string body = GetRequestBodyAsString(&received_requests_.at(0));
   EXPECT_NE(std::string::npos, body.find("device_type=chrome"));
   EXPECT_NE(std::string::npos, body.find("device_id=device_ABCDE_1"));
@@ -486,9 +486,9 @@ TEST_F(GaiaAuthFetcherTest, StartOAuthLogin) {
   EXPECT_CALL(consumer, OnClientLoginSuccess(result)).Times(1);
 
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
-  auth.CreateAndStartGaiaFetcherForTesting(/*body=*/"", /*headers=*/"",
-                                           oauth_login_gurl_, /*load_flags=*/0,
-                                           TRAFFIC_ANNOTATION_FOR_TESTS);
+  auth.CreateAndStartGaiaFetcherForTesting(
+      /*body=*/"", /*headers=*/"", oauth_login_gurl_,
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_OK, data);
 }
 
@@ -509,9 +509,10 @@ TEST_F(GaiaAuthFetcherTest, ListAccounts) {
       /*body=*/"", /*headers=*/"",
       GaiaUrls::GetInstance()->ListAccountsURLWithSource(
           GaiaConstants::kChromeSource),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   ASSERT_EQ(received_requests_.size(), 1U);
-  EXPECT_EQ(net::LOAD_NORMAL, received_requests_.at(0).load_flags);
+  EXPECT_EQ(network::mojom::CredentialsMode::kInclude,
+            received_requests_.at(0).credentials_mode);
   EXPECT_EQ(GaiaUrls::GetInstance()->gaia_url(),
             received_requests_.at(0).site_for_cookies);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_OK, data);
@@ -526,7 +527,7 @@ TEST_F(GaiaAuthFetcherTest, LogOutSuccess) {
       /*body=*/"", /*headers=*/"",
       GaiaUrls::GetInstance()->LogOutURLWithSource(
           GaiaConstants::kChromeSource),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK);
 }
 
@@ -544,7 +545,7 @@ TEST_F(GaiaAuthFetcherTest, LogOutFailure) {
       /*body=*/"", /*headers=*/"",
       GaiaUrls::GetInstance()->LogOutURLWithSource(
           GaiaConstants::kChromeSource),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(error_no);
 }
 
@@ -560,7 +561,7 @@ TEST_F(GaiaAuthFetcherTest, GetCheckConnectionInfo) {
       /*body=*/"", /*headers=*/"",
       GaiaUrls::GetInstance()->GetCheckConnectionInfoURLWithSource(
           GaiaConstants::kChromeSource),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_OK, data);
 }
 
@@ -574,7 +575,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenSuccess) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_OK, data);
 }
 
@@ -588,7 +589,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenCanceled) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::ERR_ABORTED);
 }
 
@@ -602,7 +603,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenFailed) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::ERR_CERT_CONTAINS_ERRORS);
 }
 
@@ -616,7 +617,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenTimeout) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::ERR_TIMED_OUT);
 }
 
@@ -631,7 +632,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenInvalidToken) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_BAD_REQUEST, data);
 }
 
@@ -646,7 +647,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenInvalidRequest) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_BAD_REQUEST, data);
 }
 
@@ -661,7 +662,7 @@ TEST_F(GaiaAuthFetcherTest, RevokeOAuth2TokenServerError) {
   TestGaiaAuthFetcher auth(&consumer, GetURLLoaderFactory());
   auth.CreateAndStartGaiaFetcherForTesting(
       /*body=*/"", /*headers=*/"", GaiaUrls::GetInstance()->oauth2_revoke_url(),
-      /*load_flags=*/0, TRAFFIC_ANNOTATION_FOR_TESTS);
+      network::mojom::CredentialsMode::kInclude, TRAFFIC_ANNOTATION_FOR_TESTS);
   auth.TestOnURLLoadCompleteInternal(net::OK, net::HTTP_INTERNAL_SERVER_ERROR,
                                      data);
 }

ios/chrome/browser/signin/gaia_auth_fetcher_ios.h

@@ -66,7 +66,7 @@ class GaiaAuthFetcherIOS
       const std::string& body,
       const std::string& headers,
       const GURL& gaia_gurl,
-      int load_flags,
+      network::mojom::CredentialsMode credentials_mode,
       const net::NetworkTrafficAnnotationTag& traffic_annotation) override;
   // GaiaAuthFetcherIOSBridge::GaiaAuthFetcherIOSBridgeDelegate.
   void OnFetchComplete(const GURL& url,

ios/chrome/browser/signin/gaia_auth_fetcher_ios.mm

@@ -13,7 +13,6 @@
 #include "ios/chrome/browser/signin/gaia_auth_fetcher_ios_wk_webview_bridge.h"
 #include "ios/web/common/features.h"
 #include "ios/web/public/browser_state.h"
-#include "net/base/load_flags.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 
 #if !defined(__has_feature) || !__has_feature(objc_arc)
@@ -48,15 +47,15 @@ void GaiaAuthFetcherIOS::CreateAndStartGaiaFetcher(
     const std::string& body,
     const std::string& headers,
     const GURL& gaia_gurl,
-    int load_flags,
+    network::mojom::CredentialsMode credentials_mode,
     const net::NetworkTrafficAnnotationTag& traffic_annotation) {
   DCHECK(!HasPendingFetch()) << "Tried to fetch two things at once!";
 
-  bool cookies_required = !(load_flags & (net::LOAD_DO_NOT_SEND_COOKIES |
-                                          net::LOAD_DO_NOT_SAVE_COOKIES));
+  bool cookies_required =
+      credentials_mode != network::mojom::CredentialsMode::kOmit;
   if (!ShouldUseGaiaAuthFetcherIOS() || !cookies_required) {
-    GaiaAuthFetcher::CreateAndStartGaiaFetcher(body, headers, gaia_gurl,
-                                               load_flags, traffic_annotation);
+    GaiaAuthFetcher::CreateAndStartGaiaFetcher(
+        body, headers, gaia_gurl, credentials_mode, traffic_annotation);
     return;
   }