Persistent storage permission: don't grant for session-only origins

A user or admin can make a site be "session-only", i.e. all data is
cleared when the user leaves the site. In the UI at
chrome://settings/content/cookies this is done by adding sites to the
"Clear on exit" list. We shouldn't grant the permission for sites with
this property, since we do so with heuristics and we encourage
developers to request the permission before offering the user a of
guarantee about offline storage availability. If we granted the
permission, the site would end up giving a false commitment to the
user.

Bug: 824950
Change-Id: I6ccd53376fc3aed65dd742b3fc0938c203281e7b
Reviewed-on: https://chromium-review.googlesource.com/1208149Reviewed-by: Christian Dullweber <dullweber@chromium.org>
Commit-Queue: Joshua Bell <jsbell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589537}

chrome/browser/storage/durable_storage_browsertest.cc

@@ -8,6 +8,7 @@
 #include "base/macros.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/bookmarks/bookmark_model_factory.h"
+#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
@@ -18,6 +19,7 @@
 #include "components/bookmarks/browser/bookmark_model.h"
 #include "components/bookmarks/browser/bookmark_utils.h"
 #include "components/bookmarks/test/bookmark_test_helpers.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
@@ -175,3 +177,15 @@ IN_PROC_BROWSER_TEST_F(DurableStorageBrowserTest, Incognito) {
   EXPECT_EQ("granted",
             CheckPermissionUsingPermissionApi(GetRenderFrameHost(browser)));
 }
+
+IN_PROC_BROWSER_TEST_F(DurableStorageBrowserTest, SessionOnly) {
+  HostContentSettingsMapFactory::GetForProfile(browser()->profile())
+      ->SetDefaultContentSetting(CONTENT_SETTINGS_TYPE_COOKIES,
+                                 CONTENT_SETTING_SESSION_ONLY);
+  Bookmark();
+  ui_test_utils::NavigateToURL(browser(), url_);
+
+  EXPECT_FALSE(RequestPermission());
+  EXPECT_FALSE(CheckPermission());
+  EXPECT_EQ("prompt", CheckPermissionUsingPermissionApi());
+}

chrome/browser/storage/durable_storage_permission_context.cc

@@ -57,10 +57,13 @@ void DurableStoragePermissionContext::DecidePermission(
     return;
   }
 
-  // Don't grant durable if we can't write cookies.
   scoped_refptr<content_settings::CookieSettings> cookie_settings =
       CookieSettingsFactory::GetForProfile(profile());
-  if (!cookie_settings->IsCookieAccessAllowed(requesting_origin,
+
+  // Don't grant durable for session-only storage, since it won't be persisted
+  // anyway. Don't grant durable if we can't write cookies.
+  if (cookie_settings->IsCookieSessionOnly(requesting_origin) ||
+      !cookie_settings->IsCookieAccessAllowed(requesting_origin,
                                               requesting_origin)) {
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, CONTENT_SETTING_DEFAULT);