Use secure Google URL in GaiaCookieManagerService

This change switches http://google.com to https://google.com in the
GaiaCookieManagerService. This is for the purpose of fixing the
DiceBrowsingDataRemoverBrowserTests, which otherwise fail when the
test cookie is made Secure. This test cookie must be made Secure because
it is set with SameSite=None, which under the upcoming SameSite changes
(see crbug.com/1002052) means the cookie will be rejected unless it is
secure.

Bug: 1006816
Change-Id: I2c5b5dd393c8547dbdacb832fb1447090a00a6a7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1829672
Commit-Queue: Lily Chen <chlily@chromium.org>
Reviewed-by: Christian Dullweber <dullweber@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#701555}

chrome/browser/browsing_data/browsing_data_remover_browsertest.cc

@@ -257,11 +257,12 @@ std::string GetCookiesTreeModelInfo(const CookieTreeNode* root) {
 #if BUILDFLAG(ENABLE_DICE_SUPPORT)
 // Sets the APISID Gaia cookie, which is monitored by the AccountReconcilor.
 bool SetGaiaCookieForProfile(Profile* profile) {
-  GURL google_url = GaiaUrls::GetInstance()->google_url();
-  net::CanonicalCookie cookie("APISID", std::string(), "." + google_url.host(),
-                              "/", base::Time(), base::Time(), base::Time(),
-                              false, false, net::CookieSameSite::NO_RESTRICTION,
-                              net::COOKIE_PRIORITY_DEFAULT);
+  GURL google_url = GaiaUrls::GetInstance()->secure_google_url();
+  // TODO(crbug.com/889632): Change to SAPISID. See crrev.com/c/1827399.
+  net::CanonicalCookie cookie(
+      "APISID", std::string(), "." + google_url.host(), "/", base::Time(),
+      base::Time(), base::Time(), true /* secure */, false /* httponly */,
+      net::CookieSameSite::NO_RESTRICTION, net::COOKIE_PRIORITY_DEFAULT);
 
   bool success = false;
   base::RunLoop loop;
@@ -274,9 +275,8 @@ bool SetGaiaCookieForProfile(Profile* profile) {
   network::mojom::CookieManager* cookie_manager =
       content::BrowserContext::GetDefaultStoragePartition(profile)
           ->GetCookieManagerForBrowserProcess();
-  net::CookieOptions options;
-  options.set_include_httponly();
-  cookie_manager->SetCanonicalCookie(cookie, "https", options,
+  cookie_manager->SetCanonicalCookie(cookie, google_url.scheme(),
+                                     net::CookieOptions::MakeAllInclusive(),
                                      std::move(callback));
   loop.Run();
   return success;

components/signin/internal/identity_manager/gaia_cookie_manager_service.cc

@@ -458,7 +458,7 @@ void GaiaCookieManagerService::InitCookieListener() {
   // testing contexts.
   if (cookie_manager) {
     cookie_manager->AddCookieChangeListener(
-        GaiaUrls::GetInstance()->google_url(), kGaiaCookieName,
+        GaiaUrls::GetInstance()->secure_google_url(), kGaiaCookieName,
         cookie_listener_receiver_.BindNewPipeAndPassRemote());
     cookie_listener_receiver_.set_disconnect_handler(base::BindOnce(
         &GaiaCookieManagerService::OnCookieListenerConnectionError,
@@ -573,12 +573,13 @@ void GaiaCookieManagerService::TriggerListAccounts() {
 }
 
 void GaiaCookieManagerService::ForceOnCookieChangeProcessing() {
-  GURL google_url = GaiaUrls::GetInstance()->google_url();
+  GURL google_url = GaiaUrls::GetInstance()->secure_google_url();
   std::unique_ptr<net::CanonicalCookie> cookie(
       std::make_unique<net::CanonicalCookie>(
           kGaiaCookieName, std::string(), "." + google_url.host(), "/",
-          base::Time(), base::Time(), base::Time(), false, false,
-          net::CookieSameSite::NO_RESTRICTION, net::COOKIE_PRIORITY_DEFAULT));
+          base::Time(), base::Time(), base::Time(), true /* secure */,
+          false /* httponly */, net::CookieSameSite::NO_RESTRICTION,
+          net::COOKIE_PRIORITY_DEFAULT));
   OnCookieChange(*cookie, network::mojom::CookieChangeCause::UNKNOWN_DELETION);
 }
 

google_apis/gaia/gaia_urls.cc

@@ -9,6 +9,8 @@
 #include "base/strings/stringprintf.h"
 #include "google_apis/gaia/gaia_switches.h"
 #include "google_apis/google_api_keys.h"
+#include "url/url_canon.h"
+#include "url/url_constants.h"
 
 namespace {
 
@@ -88,6 +90,10 @@ GaiaUrls* GaiaUrls::GetInstance() {
 GaiaUrls::GaiaUrls() {
   google_url_ = GetURLSwitchValueWithDefault(switches::kGoogleUrl,
                                              kDefaultGoogleUrl);
+  url::Replacements<char> scheme_replacement;
+  scheme_replacement.SetScheme(url::kHttpsScheme,
+                               url::Component(0, strlen(url::kHttpsScheme)));
+  secure_google_url_ = google_url_.ReplaceComponents(scheme_replacement);
   gaia_url_ = GetURLSwitchValueWithDefault(switches::kGaiaUrl, kDefaultGaiaUrl);
   GURL lso_origin_url =
       GetURLSwitchValueWithDefault(switches::kLsoUrl, kDefaultGaiaUrl);
@@ -157,6 +163,10 @@ const GURL& GaiaUrls::google_url() const {
   return google_url_;
 }
 
+const GURL& GaiaUrls::secure_google_url() const {
+  return secure_google_url_;
+}
+
 const GURL& GaiaUrls::gaia_url() const {
   return gaia_url_;
 }

google_apis/gaia/gaia_urls.h

@@ -18,6 +18,7 @@ class GaiaUrls {
 
   // The URLs for different calls in the Google Accounts programmatic login API.
   const GURL& google_url() const;
+  const GURL& secure_google_url() const;
   const GURL& gaia_url() const;
   const GURL& captcha_base_url() const;
   const GURL& client_login_url() const;
@@ -61,6 +62,7 @@ class GaiaUrls {
   friend struct base::DefaultSingletonTraits<GaiaUrls>;
 
   GURL google_url_;
+  GURL secure_google_url_;
   GURL gaia_url_;
   GURL captcha_base_url_;