Change apisid gaia cookie to sapisid cookie

The sign-in code uses the apisid Gaia cookie as a way to detect changes to Google accounts on the web.
sapisid is the secure version of apisid.

Bug: 889632
Change-Id: I8bf7790c5a1c85da6ae7d890dc7ce3d8a3f38928
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1827399
Commit-Queue: David Roger <droger@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#702836}

chrome/browser/browsing_data/browsing_data_remover_browsertest.cc

@@ -258,12 +258,10 @@ std::string GetCookiesTreeModelInfo(const CookieTreeNode* root) {
 // Sets the APISID Gaia cookie, which is monitored by the AccountReconcilor.
 bool SetGaiaCookieForProfile(Profile* profile) {
   GURL google_url = GaiaUrls::GetInstance()->secure_google_url();
-  // TODO(crbug.com/889632): Change to SAPISID. See crrev.com/c/1827399.
   net::CanonicalCookie cookie(
-      "APISID", std::string(), "." + google_url.host(), "/", base::Time(),
+      "SAPISID", std::string(), "." + google_url.host(), "/", base::Time(),
       base::Time(), base::Time(), true /* secure */, false /* httponly */,
       net::CookieSameSite::NO_RESTRICTION, net::COOKIE_PRIORITY_DEFAULT);
-
   bool success = false;
   base::RunLoop loop;
   base::OnceCallback<void(net::CanonicalCookie::CookieInclusionStatus)>

chrome/browser/chromeos/login/signin/oauth2_login_verifier.h

@@ -18,7 +18,7 @@
 namespace chromeos {
 
 // Given GCMS and primary account id, this class verifies GAIA credentials
-// (APISID) and rebuild current session's cookie jar for the primary account.
+// (SAPISID) and rebuild current session's cookie jar for the primary account.
 class OAuth2LoginVerifier : public signin::IdentityManager::Observer {
  public:
   class Delegate {

chrome/browser/extensions/api/browsing_data/browsing_data_test.cc

@@ -49,12 +49,13 @@ const char kRemoveEverythingArguments[] =
     "webSQL": true
     }])";
 
-// Sets the APISID Gaia cookie, which is monitored by the AccountReconcilor.
+// Sets the SAPISID Gaia cookie, which is monitored by the AccountReconcilor.
 bool SetGaiaCookieForProfile(Profile* profile) {
-  GURL google_url = GaiaUrls::GetInstance()->google_url();
-  net::CanonicalCookie cookie("APISID", std::string(), "." + google_url.host(),
+  GURL google_url = GaiaUrls::GetInstance()->secure_google_url();
+  net::CanonicalCookie cookie("SAPISID", std::string(), "." + google_url.host(),
                               "/", base::Time(), base::Time(), base::Time(),
-                              false, false, net::CookieSameSite::NO_RESTRICTION,
+                              /*secure=*/true, false,
+                              net::CookieSameSite::NO_RESTRICTION,
                               net::COOKIE_PRIORITY_DEFAULT);
 
   bool success = false;
@@ -70,10 +71,8 @@ bool SetGaiaCookieForProfile(Profile* profile) {
   network::mojom::CookieManager* cookie_manager =
       content::BrowserContext::GetDefaultStoragePartition(profile)
           ->GetCookieManagerForBrowserProcess();
-  net::CookieOptions options;
-  options.set_include_httponly();
   cookie_manager->SetCanonicalCookie(
-      cookie, google_url.scheme(), options,
+      cookie, google_url.scheme(), net::CookieOptions::MakeAllInclusive(),
       mojo::WrapCallbackWithDefaultInvokeIfNotRun(
           std::move(callback), net::CanonicalCookie::CookieInclusionStatus(
                                    net::CanonicalCookie::CookieInclusionStatus::

components/signin/internal/identity_manager/gaia_cookie_manager_service.cc

@@ -74,7 +74,7 @@ const net::BackoffEntry::Policy kBackoffPolicy = {
 
 // Name of the GAIA cookie that is being observed to detect when available
 // accounts have changed in the content-area.
-const char* const kGaiaCookieName = "APISID";
+const char* const kGaiaCookieName = "SAPISID";
 
 // State of requests to Gaia logout endpoint. Used as entry for histogram
 // |Signin.GaiaCookieManager.Logout|.

components/signin/internal/identity_manager/gaia_cookie_manager_service.h

@@ -240,7 +240,7 @@ class GaiaCookieManagerService : public GaiaAuthConsumer,
   void TriggerListAccounts();
 
   // Forces the processing of OnCookieChange. This is public so that callers
-  // that know the GAIA APISID cookie might have changed can inform the
+  // that know the GAIA SAPISID cookie might have changed can inform the
   // service. Virtual for testing.
   virtual void ForceOnCookieChangeProcessing();
 
@@ -267,10 +267,10 @@ class GaiaCookieManagerService : public GaiaAuthConsumer,
 
   // If set, this callback will be invoked whenever the
   // GaiaCookieManagerService's list of GAIA accounts is updated. The GCMS
-  // monitors the APISID cookie and triggers a /ListAccounts call on change.
+  // monitors the SAPISID cookie and triggers a /ListAccounts call on change.
   // The GCMS will also call ListAccounts upon the first call to
   // ListAccounts(). The GCMS will delay calling ListAccounts if other
-  // requests are in queue that would modify the APISID cookie.
+  // requests are in queue that would modify the SAPISID cookie.
   // If the ListAccounts call fails and the GCMS cannot recover, the reason
   // is passed in |error|.
   // This method can only be called once.

components/signin/ios/browser/account_consistency_service.mm

@@ -371,7 +371,7 @@ void AccountConsistencyService::ApplyCookieRequests() {
         FinishedApplyingCookieRequest(false);
         return;
       }
-      // Create expiration date of Now+2y to roughly follow the APISID cookie.
+      // Create expiration date of Now+2y to roughly follow the SAPISID cookie.
       expiration_date =
           (base::Time::Now() + base::TimeDelta::FromDays(730)).ToJsTime();
       break;
@@ -471,7 +471,7 @@ void AccountConsistencyService::OnBrowsingDataRemoved() {
   base::DictionaryValue dict;
   prefs_->Set(kDomainsWithCookiePref, dict);
 
-  // APISID cookie has been removed, notify the GCMS.
+  // SAPISID cookie has been removed, notify the GCMS.
   // TODO(https://crbug.com/930582) : Remove the need to expose this method
   // or move it to the network::CookieManager.
   identity_manager_->GetAccountsCookieMutator()->ForceTriggerOnCookieChange();

components/signin/public/identity_manager/identity_manager_unittest.cc

@@ -2024,10 +2024,10 @@ TEST_F(IdentityManagerTest, CallbackSentOnAccountsCookieDeletedByUserAction) {
   base::RunLoop run_loop;
   identity_manager_observer()->SetOnCookieDeletedByUserCallback(
       run_loop.QuitClosure());
-  net::CanonicalCookie cookie("APISID", std::string(), ".google.com", "/",
-                              base::Time(), base::Time(), base::Time(), false,
-                              false, net::CookieSameSite::NO_RESTRICTION,
-                              net::COOKIE_PRIORITY_DEFAULT);
+  net::CanonicalCookie cookie(
+      "SAPISID", std::string(), ".google.com", "/", base::Time(), base::Time(),
+      base::Time(), /*secure=*/true, false, net::CookieSameSite::NO_RESTRICTION,
+      net::COOKIE_PRIORITY_DEFAULT);
   SimulateCookieDeletedByUser(identity_manager()->GetGaiaCookieManagerService(),
                               cookie);
   run_loop.Run();
@@ -2056,10 +2056,10 @@ TEST_F(IdentityManagerTest, OnNetworkInitialized) {
   // Note that this call differs from calling SimulateCookieDeletedByUser()
   // directly in the sense that SimulateCookieDeletedByUser() does not go
   // through any mojo pipe.
-  net::CanonicalCookie cookie("APISID", std::string(), ".google.com", "/",
-                              base::Time(), base::Time(), base::Time(), false,
-                              false, net::CookieSameSite::NO_RESTRICTION,
-                              net::COOKIE_PRIORITY_DEFAULT);
+  net::CanonicalCookie cookie(
+      "SAPISID", std::string(), ".google.com", "/", base::Time(), base::Time(),
+      base::Time(), /*secure=*/true, false, net::CookieSameSite::NO_RESTRICTION,
+      net::COOKIE_PRIORITY_DEFAULT);
   test_cookie_manager_ptr->DispatchCookieChange(
       cookie, network::mojom::CookieChangeCause::EXPLICIT);
   run_loop.Run();

google_apis/gaia/gaia_switches.h

@@ -7,7 +7,7 @@
 
 namespace switches {
 
-// Specifies the domain of the APISID cookie. The default value is
+// Specifies the domain of the SAPISID cookie. The default value is
 // "http://.google.com".
 extern const char kGoogleUrl[];
 

google_apis/gaia/oauth_multilogin_result_unittest.cc

@@ -23,7 +23,7 @@ using ::testing::_;
 TEST(OAuthMultiloginResultTest, TryParseCookiesFromValue) {
   OAuthMultiloginResult result("");
   // SID: typical response for a domain cookie
-  // APISID: typical response for a host cookie
+  // SAPISID: typical response for a host cookie
   // SSID: not canonical cookie because of the wrong path, should not be added
   // HSID: canonical but not valid because of the wrong host value, still will
   // be parsed but domain_ field will be empty. Also it is expired.
@@ -41,7 +41,7 @@ TEST(OAuthMultiloginResultTest, TryParseCookiesFromValue) {
               "maxAge":63070000
             },
             {
-              "name":"APISID",
+              "name":"SAPISID",
               "value":"vAlUe2",
               "host":"google.com",
               "path":"/",
@@ -88,8 +88,8 @@ TEST(OAuthMultiloginResultTest, TryParseCookiesFromValue) {
                       expiration_time, /*is_secure=*/true,
                       /*is_http_only=*/false, net::CookieSameSite::UNSPECIFIED,
                       net::CookiePriority::COOKIE_PRIORITY_HIGH),
-      CanonicalCookie("APISID", "vAlUe2", "google.com", "/", time_now, time_now,
-                      expiration_time, /*is_secure=*/false,
+      CanonicalCookie("SAPISID", "vAlUe2", "google.com", "/", time_now,
+                      time_now, expiration_time, /*is_secure=*/false,
                       /*is_http_only=*/true, net::CookieSameSite::LAX_MODE,
                       net::CookiePriority::COOKIE_PRIORITY_HIGH),
       CanonicalCookie("HSID", "vAlUe4", "", "/", time_now, time_now, time_now,