Add comments justifying code to bypass SameSite cookie restrictions

This adds comments to better explain use cases for adding the special exceptions to SameSite cookie rules for chrome:// scheme pages that were added in https://crrev.com/c/1904544. Bug: 1007320 Change-Id: Iba4f6c20d2a4bbca6297be813ebdc9aa0437dcef Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2227058 Commit-Queue: Lily Chen <chlily@chromium.org> Commit-Queue: Maksim Orlovich <morlovich@chromium.org> Auto-Submit: Lily Chen <chlily@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/master@{#774338}

Add comments justifying code to bypass SameSite cookie restrictions
This adds comments to better explain use cases for adding the special exceptions to SameSite cookie rules for chrome:// scheme pages that were added in https://crrev.com/c/1904544. Bug: 1007320 Change-Id: Iba4f6c20d2a4bbca6297be813ebdc9aa0437dcef Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2227058 Commit-Queue: Lily Chen <chlily@chromium.org> Commit-Queue: Maksim Orlovich <morlovich@chromium.org> Auto-Submit: Lily Chen <chlily@chromium.org> Reviewed-by: Maksim Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/master@{#774338}
2387bd90 · Lily Chen · Commit Bot · 6ce5d659 · 2387bd90 · 2387bd90
Commit 2387bd90 authored Jun 02, 2020 by Lily Chen Committed by Commit Bot Jun 02, 2020
Showing with 11 additions and 0 deletions

chrome/browser/chrome_content_browser_client.cc chrome/browser/chrome_content_browser_client.cc +6 -0

chrome/browser/net/profile_network_context_service.cc chrome/browser/net/profile_network_context_service.cc +5 -0

No files found.
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1703,6 +1703,12 @@ bool ChromeContentBrowserClient::DoesWebUISchemeRequireProcessLock(
 bool ChromeContentBrowserClient::ShouldTreatURLSchemeAsFirstPartyWhenTopLevel(
    base::StringPiece scheme,
    bool is_embedded_origin_secure) {
+  // This is needed to bypass the normal SameSite rules for any chrome:// page
+  // embedding a secure origin, regardless of the registrable domains of any
+  // intervening frames. For example, this is needed for browser UI to interact
+  // with SameSite cookies on accounts.google.com, which are used for logging
+  // into Cloud Print from chrome://print, for displaying a list of available
+  // accounts on the NTP (chrome://new-tab-page), etc.
  if (is_embedded_origin_secure && scheme == content::kChromeUIScheme)
    return true;
 #if BUILDFLAG(ENABLE_EXTENSIONS)

--- a/chrome/browser/net/profile_network_context_service.cc
+++ b/chrome/browser/net/profile_network_context_service.cc
@@ -532,6 +532,11 @@ ProfileNetworkContextService::CreateCookieManagerParams(
  auto out = network::mojom::CookieManagerParams::New();
  out->block_third_party_cookies =
      cookie_settings.ShouldBlockThirdPartyCookies();
+  // This allows cookies to be sent on https requests from chrome:// pages,
+  // ignoring SameSite attribute rules. For example, this is needed for browser
+  // UI to interact with SameSite cookies on accounts.google.com, which are used
+  // for logging into Cloud Print from chrome://print, for displaying a list
+  // of available accounts on the NTP (chrome://new-tab-page), etc.
  out->secure_origin_cookies_allowed_schemes.push_back(
      content::kChromeUIScheme);
 #if BUILDFLAG(ENABLE_EXTENSIONS)