Rename Sec-Signed-Redemption-Record to Sec-Redemption-Record.

Design: https://docs.google.com/document/d/1-4n1RLaJs8ANw34TsS6BVt7ARa7lK70F6aHFG2CL3Rc/edit#heading=h.6a92f2gfl9le Bug: 1133310 Change-Id: I70210d3f6ac82450607acd89a78d08a53dd52ef4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2436763 Commit-Queue: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#825696}

Rename Sec-Signed-Redemption-Record to Sec-Redemption-Record.
Design: https://docs.google.com/document/d/1-4n1RLaJs8ANw34TsS6BVt7ARa7lK70F6aHFG2CL3Rc/edit#heading=h.6a92f2gfl9le Bug: 1133310 Change-Id: I70210d3f6ac82450607acd89a78d08a53dd52ef4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2436763 Commit-Queue: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#825696}
3ba8d26b · Steven Valdez · Commit Bot · 8dc5168f · 3ba8d26b · 3ba8d26b
Commit 3ba8d26b authored Nov 10, 2020 by Steven Valdez Committed by Commit Bot Nov 10, 2020
10 changed files
--- a/content/test/trust_token_browsertest.cc
+++ b/content/test/trust_token_browsertest.cc
@@ -127,7 +127,7 @@ MATCHER(
    "an empty redemption record and no other request-signing headers.") {
  return ::testing::ExplainMatchResult(
      AllOf(
-          HasHeader(network::kTrustTokensRequestHeaderSecSignedRedemptionRecord,
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord,
                    StrEq("")),
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
          Not(HasHeader(
@@ -223,8 +223,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, FetchEndToEnd) {
      request_handler_.last_incoming_signed_request(),
      Optional(AllOf(
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
-          HasHeader(
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord),
-              network::kTrustTokensRequestHeaderSecSignedRedemptionRecord),
          SignaturesAreWellFormedAndVerify(),
          SecSignatureHeaderKeyHashes(IsSubsetOf(
              request_handler_.hashes_of_redemption_bound_public_keys())))));
@@ -286,8 +285,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, XhrEndToEnd) {
      request_handler_.last_incoming_signed_request(),
      Optional(AllOf(
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
-          HasHeader(
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord),
-              network::kTrustTokensRequestHeaderSecSignedRedemptionRecord),
          SignaturesAreWellFormedAndVerify(),
          SecSignatureHeaderKeyHashes(IsSubsetOf(
              request_handler_.hashes_of_redemption_bound_public_keys())))));
@@ -324,8 +322,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, IframeEndToEnd) {
      request_handler_.last_incoming_signed_request(),
      Optional(AllOf(
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
-          HasHeader(
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord),
-              network::kTrustTokensRequestHeaderSecSignedRedemptionRecord),
          SignaturesAreWellFormedAndVerify(),
          SecSignatureHeaderKeyHashes(IsSubsetOf(
              request_handler_.hashes_of_redemption_bound_public_keys())))));
@@ -412,8 +409,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, FetchEndToEndInIsolatedWorld) {
      request_handler_.last_incoming_signed_request(),
      Optional(AllOf(
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
-          HasHeader(
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord),
-              network::kTrustTokensRequestHeaderSecSignedRedemptionRecord),
          SignaturesAreWellFormedAndVerify(),
          SecSignatureHeaderKeyHashes(IsSubsetOf(
              request_handler_.hashes_of_redemption_bound_public_keys())))));
@@ -1283,8 +1279,7 @@ IN_PROC_BROWSER_TEST_F(
      request_handler_.last_incoming_signed_request(),
      Optional(AllOf(
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
-          HasHeader(
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord),
-              network::kTrustTokensRequestHeaderSecSignedRedemptionRecord),
          SignaturesAreWellFormedAndVerify(),
          SecSignatureHeaderKeyHashes(IsSubsetOf(
              request_handler_.hashes_of_redemption_bound_public_keys())))));
@@ -1342,8 +1337,7 @@ IN_PROC_BROWSER_TEST_F(
      request_handler_.last_incoming_signed_request(),
      Optional(AllOf(
          Not(HasHeader(network::kTrustTokensRequestHeaderSecTime)),
-          HasHeader(
+          HasHeader(network::kTrustTokensRequestHeaderSecRedemptionRecord),
-              network::kTrustTokensRequestHeaderSecSignedRedemptionRecord),
          SignaturesAreWellFormedAndVerify(),
          SecSignatureHeaderKeyHashes(IsSubsetOf(
              request_handler_.hashes_of_redemption_bound_public_keys())))));

--- a/services/network/public/cpp/trust_token_http_headers.cc
+++ b/services/network/public/cpp/trust_token_http_headers.cc
@@ -12,7 +12,7 @@ namespace network {
 const std::vector<base::StringPiece>& TrustTokensRequestHeaders() {
  static base::NoDestructor<std::vector<base::StringPiece>> headers{
      {kTrustTokensRequestHeaderSecSignature,
-       kTrustTokensRequestHeaderSecSignedRedemptionRecord,
+       kTrustTokensRequestHeaderSecRedemptionRecord,
       kTrustTokensRequestHeaderSecTime, kTrustTokensSecTrustTokenHeader,
       kTrustTokensSecTrustTokenVersionHeader,
       kTrustTokensRequestHeaderSecTrustTokensAdditionalSigningData}};

--- a/services/network/public/cpp/trust_token_http_headers.h
+++ b/services/network/public/cpp/trust_token_http_headers.h
@@ -40,10 +40,10 @@ constexpr char kTrustTokensRequestHeaderSecTime[] = "Sec-Time";
 // collection of headers; and, optionally, the request's body).
 constexpr char kTrustTokensRequestHeaderSecSignature[] = "Sec-Signature";
-// As a request header, provides a Signed Redemption Record obtained from a
+// As a request header, provides aRedemption Record obtained from a prior
-// prior issuance-and-redemption flow.
+// issuance-and-redemption flow.
-constexpr char kTrustTokensRequestHeaderSecSignedRedemptionRecord[] =
+constexpr char kTrustTokensRequestHeaderSecRedemptionRecord[] =
-    "Sec-Signed-Redemption-Record";
+    "Sec-Redemption-Record";
 // As a request header during the request signing operation, provides the list
 // of headers included in the signing data's canonical request data. An absent

--- a/services/network/trust_tokens/signed_redemption_record_serialization_unittest.cc
+++ b/services/network/trust_tokens/signed_redemption_record_serialization_unittest.cc
@@ -80,7 +80,7 @@ std::string CreateSerializedDictionary(
 }  // namespace
-TEST(SignedRedemptionRecordSerialization, SerializeAndParse) {
+TEST(RedemptionRecordSerialization, SerializeAndParse) {
  std::string body = "body";
  std::string signature = "example signature";
  base::Optional<std::string> maybe_serialized =
@@ -96,7 +96,7 @@ TEST(SignedRedemptionRecordSerialization, SerializeAndParse) {
  EXPECT_EQ(obtained_signature, signature);
 }
-TEST(SignedRedemptionRecordSerialization, SerializeAndParseNullptrParams) {
+TEST(RedemptionRecordSerialization, SerializeAndParseNullptrParams) {
  // Make sure ParseTrustTokenRedemptionRecord doesn't blow up (i.e.,
  // dereference a null pointer) when its optional params aren't provided.
  std::string body = "example body";
@@ -110,13 +110,13 @@ TEST(SignedRedemptionRecordSerialization, SerializeAndParseNullptrParams) {
      ParseTrustTokenRedemptionRecord(*maybe_serialized, nullptr, nullptr));
 }
-TEST(SignedRedemptionRecordSerialization, ParseNotDictionary) {
+TEST(RedemptionRecordSerialization, ParseNotDictionary) {
  // Parse should reject objects that aren't Structured Headers dictionaries.
  EXPECT_FALSE(ParseTrustTokenRedemptionRecord(
      "Not a Structured Headers dictionary", nullptr, nullptr));
 }
-TEST(SignedRedemptionRecordSerialization, ParseTooSmallDictionary) {
+TEST(RedemptionRecordSerialization, ParseTooSmallDictionary) {
  // Parse should reject Structured Headers dictionaries that aren't size 2.
  EXPECT_FALSE(ParseTrustTokenRedemptionRecord(
      CreateSerializedDictionary(WithBody::kAbsent, WithSignature::kAbsent,
@@ -124,8 +124,7 @@ TEST(SignedRedemptionRecordSerialization, ParseTooSmallDictionary) {
      nullptr, nullptr));
 }
-TEST(SignedRedemptionRecordSerialization,
+TEST(RedemptionRecordSerialization, ParseDictionaryWithTypeUnsafeSignature) {
-     ParseDictionaryWithTypeUnsafeSignature) {
  // Parse should reject size 2 structured headers dictionaries with members of
  // the wrong type.
  EXPECT_FALSE(ParseTrustTokenRedemptionRecord(
@@ -134,7 +133,7 @@ TEST(SignedRedemptionRecordSerialization,
      nullptr, nullptr));
 }
-TEST(SignedRedemptionRecordSerialization, ParseDictionaryWithTypeUnsafeBody) {
+TEST(RedemptionRecordSerialization, ParseDictionaryWithTypeUnsafeBody) {
  // Parse should reject size 2 structured headers dictionaries with members of
  // the wrong type.
  EXPECT_FALSE(ParseTrustTokenRedemptionRecord(
@@ -143,7 +142,7 @@ TEST(SignedRedemptionRecordSerialization, ParseDictionaryWithTypeUnsafeBody) {
      nullptr, nullptr));
 }
-TEST(SignedRedemptionRecordSerialization, ParseDictionaryWithExtraMembers) {
+TEST(RedemptionRecordSerialization, ParseDictionaryWithExtraMembers) {
  // Parse should reject size >2 structured headers dictionaries.
  EXPECT_FALSE(ParseTrustTokenRedemptionRecord(
      CreateSerializedDictionary(WithBody::kValid, WithSignature::kValid,

--- a/services/network/trust_tokens/test/signed_request_verification_util.cc
+++ b/services/network/trust_tokens/test/signed_request_verification_util.cc
@@ -382,12 +382,12 @@ bool ConfirmRrBodyIntegrity(base::StringPiece rr_body, std::string* error_out) {
 }
 bool ExtractRedemptionRecordsFromHeader(
-    base::StringPiece sec_signed_redemption_record_header,
+    base::StringPiece sec_redemption_record_header,
    std::map<SuitableTrustTokenOrigin, std::string>*
        redemption_records_per_issuer_out,
    std::string* error_out) {
  base::Optional<net::structured_headers::List> maybe_list =
-      net::structured_headers::ParseList(sec_signed_redemption_record_header);
+      net::structured_headers::ParseList(sec_redemption_record_header);
  std::string dummy;
  if (!error_out)

--- a/services/network/trust_tokens/test/signed_request_verification_util.h
+++ b/services/network/trust_tokens/test/signed_request_verification_util.h
@@ -64,12 +64,12 @@ bool ReconstructSigningDataAndVerifySignatures(
 bool ConfirmRrBodyIntegrity(base::StringPiece rr_body,
                            std::string* error_out = nullptr);
-// Parses a Sec-Signed-Redemption-Record header and extracts the (issuer,
+// Parses a Sec-Redemption-Record header and extracts the (issuer, redemption
-// redemption record) pairs the header contains. On success, returns true. On
+// record) pairs the header contains. On success, returns true. On failure,
-// failure, returns false and, if |error_out| is not null, stores a
+// returns false and, if |error_out| is not null, stores a helpful error
-// helpful error message in |error_out| for debugging.
+// message in |error_out| for debugging.
 bool ExtractRedemptionRecordsFromHeader(
-    base::StringPiece sec_signed_redemption_record_header,
+    base::StringPiece sec_redemption_record_header,
    std::map<SuitableTrustTokenOrigin, std::string>*
        redemption_records_per_issuer_out,
    std::string* error_out);

--- a/services/network/trust_tokens/test/trust_token_request_handler.h
+++ b/services/network/trust_tokens/test/trust_token_request_handler.h
@@ -45,8 +45,7 @@ class TrustTokenRequestHandler {
  enum class SigningOutcome {
    // Expect a well-formed RR and possibly a Sec-Signature header.
    kSuccess,
-    // Expect an empty Sec-Signed-Redemption-Record header and no Sec-Signature
+    // Expect an empty Sec-Redemption-Record header and no Sec-Signature header.
-    // header.
    kFailure,
  };

--- a/services/network/trust_tokens/trust_token_request_signing_helper.cc
+++ b/services/network/trust_tokens/trust_token_request_signing_helper.cc
@@ -76,7 +76,7 @@ base::Optional<std::vector<std::string>> ParseTrustTokenSignedHeadersHeader(
 }  // namespace internal
 const char* const TrustTokenRequestSigningHelper::kSignableRequestHeaders[]{
-    kTrustTokensRequestHeaderSecSignedRedemptionRecord,
+    kTrustTokensRequestHeaderSecRedemptionRecord,
    kTrustTokensRequestHeaderSecTime,
    kTrustTokensRequestHeaderSecTrustTokensAdditionalSigningData,
 };
@@ -185,7 +185,7 @@ GetHeadersToSignAndUpdateSignedHeadersHeader(
 void AttachRedemptionRecordHeader(net::URLRequest* request, std::string value) {
  request->SetExtraRequestHeaderByName(
-      kTrustTokensRequestHeaderSecSignedRedemptionRecord, value,
+      kTrustTokensRequestHeaderSecRedemptionRecord, value,
      /*overwrite=*/true);
 }
@@ -271,8 +271,8 @@ void TrustTokenRequestSigningHelper::Begin(
        const auto& headers = request->extra_request_headers();
        std::string rr_header;
-        DCHECK(headers.GetHeader(
+        DCHECK(headers.GetHeader(kTrustTokensRequestHeaderSecRedemptionRecord,
-            kTrustTokensRequestHeaderSecSignedRedemptionRecord, &rr_header));
+                                 &rr_header));
        if (rr_header.empty()) {
          DCHECK(!headers.HasHeader(kTrustTokensRequestHeaderSecTime));
          DCHECK(!headers.HasHeader(kTrustTokensRequestHeaderSecSignature));
@@ -286,7 +286,7 @@ void TrustTokenRequestSigningHelper::Begin(
  // This class is responsible for adding these headers; callers should not add
  // them.
  DCHECK(!request->extra_request_headers().HasHeader(
-      kTrustTokensRequestHeaderSecSignedRedemptionRecord));
+      kTrustTokensRequestHeaderSecRedemptionRecord));
  DCHECK(!request->extra_request_headers().HasHeader(
      kTrustTokensRequestHeaderSecTime));
  DCHECK(!request->extra_request_headers().HasHeader(
@@ -390,7 +390,7 @@ void TrustTokenRequestSigningHelper::Begin(
    return;
  }
-  // 2.c. Attach the RRs in a Sec-Signed-Redemption-Record header.
+  // 2.c. Attach the RRs in a Sec-Redemption-Record header.
  if (base::Optional<std::string> maybe_redemption_record_header =
          ConstructRedemptionRecordHeader(records_per_issuer)) {
    AttachRedemptionRecordHeader(request,
@@ -398,10 +398,9 @@ void TrustTokenRequestSigningHelper::Begin(
  } else {
    AttachRedemptionRecordHeader(request, std::string());
-    LogOutcome(
+    LogOutcome(net_log_,
-        net_log_,
+               "Unexpected internal error serializing Sec-Redemption-Record"
-        "Unexpected internal error serializing Sec-Signed-Redemption-Record"
+               " header.");
-        " header.");
    std::move(done).Run(mojom::TrustTokenOperationStatus::kOk);
    return;
  }

--- a/services/network/trust_tokens/trust_token_request_signing_helper.h
+++ b/services/network/trust_tokens/trust_token_request_signing_helper.h
@@ -179,7 +179,7 @@ class TrustTokenRequestSigningHelper : public TrustTokenRequestHelper {
  // ATTACHING THE REDEMPTION RECORD:
  // In the case that an RR is found for at least one provided issuer and the
  // requested headers to sign are well-formed, attaches a
-  // Sec-Signed-Redemption-Record header bearing the RRs and:
+  // Sec-Redemption-Record header bearing the RRs and:
  // 1. if the request is configured for adding a Trust Tokens timestamp,
  // adds a timestamp header;
  // 2. if the request is configured for signing, computes the request's
@@ -199,7 +199,7 @@ class TrustTokenRequestSigningHelper : public TrustTokenRequestHelper {
  // failure during signing; see the Trust Tokens design doc for more
  // discussion.
  // - On failure, the request will contain an empty
-  // Sec-Signed-Redemption-Record header and no Sec-Time, Sec-Signature, or
+  // Sec-Redemption-Record header and no Sec-Time, Sec-Signature, or
  // Signed-Headers headers.
  void Begin(
      net::URLRequest* request,

--- a/services/network/trust_tokens/trust_token_request_signing_helper_unittest.cc
+++ b/services/network/trust_tokens/trust_token_request_signing_helper_unittest.cc
@@ -227,7 +227,7 @@ TEST_F(TrustTokenRequestSigningHelperTest, WontSignIfNoRedemptionRecord) {
  // issuers has a redemption record in storage---the signing helper should
  // return kOk but attach an empty RR header.
  EXPECT_EQ(result, mojom::TrustTokenOperationStatus::kOk);
-  EXPECT_THAT(*my_request, Header("Sec-Signed-Redemption-Record", IsEmpty()));
+  EXPECT_THAT(*my_request, Header("Sec-Redemption-Record", IsEmpty()));
  EXPECT_THAT(*my_request, Not(Header("Sec-Signature")));
 }
@@ -259,7 +259,7 @@ TEST_F(TrustTokenRequestSigningHelperTest, MergesHeaders) {
      url::Origin::Create(GURL("https://initiator.com/")));
  my_request->SetExtraRequestHeaderByName(
-      "Signed-Headers", "Sec-Signed-Redemption-Record", /*overwrite=*/true);
+      "Signed-Headers", "Sec-Redemption-Record", /*overwrite=*/true);
  mojom::TrustTokenOperationStatus result =
      ExecuteBeginOperationAndWaitForResult(&helper, my_request.get());
@@ -270,10 +270,10 @@ TEST_F(TrustTokenRequestSigningHelperTest, MergesHeaders) {
      "Signed-Headers", &signed_headers_header_value));
  // Headers should have been merged and lower-cased.
-  EXPECT_THAT(base::SplitString(signed_headers_header_value, ",",
+  EXPECT_THAT(
-                                base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL),
+      base::SplitString(signed_headers_header_value, ",", base::KEEP_WHITESPACE,
-              UnorderedElementsAre(StrEq("sec-time"),
+                        base::SPLIT_WANT_ALL),
-                                   StrEq("sec-signed-redemption-record")));
+      UnorderedElementsAre(StrEq("sec-time"), StrEq("sec-redemption-record")));
 }
 TEST_F(TrustTokenRequestSigningHelperTest,
@@ -315,7 +315,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
  // In failure cases, the signing helper should return kOk but attach an empty
  // RR header.
  EXPECT_EQ(result, mojom::TrustTokenOperationStatus::kOk);
-  EXPECT_THAT(*my_request, Header("Sec-Signed-Redemption-Record", IsEmpty()));
+  EXPECT_THAT(*my_request, Header("Sec-Redemption-Record", IsEmpty()));
  EXPECT_THAT(*my_request, Not(Header("Signed-Headers")));
 }
@@ -352,7 +352,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
      ExecuteBeginOperationAndWaitForResult(&helper, my_request.get());
  EXPECT_EQ(result, mojom::TrustTokenOperationStatus::kOk);
-  EXPECT_THAT(*my_request, Header("Sec-Signed-Redemption-Record", IsEmpty()));
+  EXPECT_THAT(*my_request, Header("Sec-Redemption-Record", IsEmpty()));
  EXPECT_THAT(*my_request, Not(Header("Signed-Headers")));
 }
@@ -442,7 +442,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
  std::string redemption_record_header;
  ASSERT_TRUE(my_request->extra_request_headers().GetHeader(
-      "Sec-Signed-Redemption-Record", &redemption_record_header));
+      "Sec-Redemption-Record", &redemption_record_header));
  std::map<SuitableTrustTokenOrigin, std::string> redemption_records_per_issuer;
  std::string error;
  ASSERT_TRUE(test::ExtractRedemptionRecordsFromHeader(
@@ -510,7 +510,7 @@ TEST_F(TrustTokenRequestSigningHelperTest, SignAndVerifyWithHeaders) {
  record.set_public_key("key");
  store->SetRedemptionRecord(params.issuers.front(), params.toplevel, record);
  params.additional_headers_to_sign =
-      std::vector<std::string>{"Sec-Signed-Redemption-Record"};
+      std::vector<std::string>{"Sec-Redemption-Record"};
  params.issuers.push_back(
      *SuitableTrustTokenOrigin::Create(GURL("https://second-issuer.example")));
@@ -595,7 +595,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
  record.set_public_key("key");
  store->SetRedemptionRecord(params.issuers.front(), params.toplevel, record);
  params.additional_headers_to_sign =
-      std::vector<std::string>{"Sec-Signed-Redemption-Record"};
+      std::vector<std::string>{"Sec-Redemption-Record"};
  auto canonicalizer = std::make_unique<TrustTokenRequestCanonicalizer>();
  TrustTokenRequestSigningHelper helper(store.get(), std::move(params),
@@ -630,7 +630,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
 }
 // When signing fails, the request should have an empty
-// Sec-Signed-Redemption-Record header attached, and none of the other headers
+// Sec-Redemption-Record header attached, and none of the other headers
 // that could potentially be added during signing.
 TEST_F(TrustTokenRequestSigningHelperTest, CatchesSignatureFailure) {
  std::unique_ptr<TrustTokenStore> store = TrustTokenStore::CreateForTesting();
@@ -648,7 +648,7 @@ TEST_F(TrustTokenRequestSigningHelperTest, CatchesSignatureFailure) {
  params.should_add_timestamp = true;
  params.additional_headers_to_sign =
-      std::vector<std::string>{"Sec-Signed-Redemption-Record"};
+      std::vector<std::string>{"Sec-Redemption-Record"};
  // FailingSigner will fail to sign the request, so we should see the operation
  // fail.
@@ -669,7 +669,7 @@ TEST_F(TrustTokenRequestSigningHelperTest, CatchesSignatureFailure) {
  EXPECT_THAT(*my_request, Not(Header("Signed-Headers")));
  EXPECT_THAT(*my_request, Not(Header("Sec-Time")));
  EXPECT_THAT(*my_request, Not(Header("Sec-Signature")));
-  EXPECT_THAT(*my_request, Header("Sec-Signed-Redemption-Record", IsEmpty()));
+  EXPECT_THAT(*my_request, Header("Sec-Redemption-Record", IsEmpty()));
  EXPECT_TRUE(base::ranges::any_of(
      net_log.GetEntriesWithType(
          net::NetLogEventType::TRUST_TOKEN_OPERATION_BEGIN_SIGNING),
@@ -760,7 +760,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
  // In failure cases, the signing helper should return kOk but attach an empty
  // RR header.
  EXPECT_EQ(result, mojom::TrustTokenOperationStatus::kOk);
-  EXPECT_THAT(*my_request, Header("Sec-Signed-Redemption-Record", IsEmpty()));
+  EXPECT_THAT(*my_request, Header("Sec-Redemption-Record", IsEmpty()));
  EXPECT_THAT(*my_request, Not(Header("Signed-Headers")));
  EXPECT_THAT(*my_request,
              Not(Header("Sec-Trust-Tokens-Additional-Signing-Data")));
@@ -795,7 +795,7 @@ TEST_F(TrustTokenRequestSigningHelperTest,
  // In failure cases, the signing helper should return kOk but attach an empty
  // RR header.
  EXPECT_EQ(result, mojom::TrustTokenOperationStatus::kOk);
-  EXPECT_THAT(*my_request, Header("Sec-Signed-Redemption-Record", IsEmpty()));
+  EXPECT_THAT(*my_request, Header("Sec-Redemption-Record", IsEmpty()));
  EXPECT_THAT(*my_request, Not(Header("Signed-Headers")));
  EXPECT_THAT(*my_request,
              Not(Header("Sec-Trust-Tokens-Additional-Signing-Data")));