Make cross-site requests initiated by extensions attach SameSite cookies

This change causes |attach_same_site_cookies|, which is used for
requests initiated by extensions, always attach SameSite cookies (as
the name implies). Previously, it would only attach SameSite cookies if
the request context was Lax or better, which would cause cross-site
requests (i.e. most requests initiated by extensions) to exclude
SameSite cookies.

Bug: 1007973
Change-Id: Ic5d04df3915e812b743bad8b44efff30fd2de795
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1824553Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Commit-Queue: Lily Chen <chlily@chromium.org>
Cr-Commit-Position: refs/heads/master@{#699826}

net/cookies/cookie_util.cc

@@ -419,25 +419,25 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest(
   //   target a top-level browsing context.
   //
   // * Include both "strict" and "lax" same-site cookies if the request is
-  //   tagged with a flag allowing it and "lax" would have been allowed had
-  //   |http_method| been safe.
+  //   tagged with a flag allowing it.
   //
   //   Note that this can be the case for requests initiated by extensions,
   //   which need to behave as though they are made by the document itself,
   //   but appear like cross-site ones.
   //
   // * Otherwise, do not include same-site cookies.
+  if (attach_same_site_cookies)
+    return CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT;
+
   CookieOptions::SameSiteCookieContext same_site_context =
       ComputeSameSiteContext(url, site_for_cookies, initiator);
+
+  // If the method is safe, the context is Lax. Otherwise, make a note that
+  // the method is unsafe.
   if (same_site_context ==
-      CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) {
-    if (attach_same_site_cookies) {
-      same_site_context =
-          CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT;
-    } else if (!net::HttpUtil::IsMethodSafe(http_method)) {
-      same_site_context =
-          CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE;
-    }
+          CookieOptions::SameSiteCookieContext::SAME_SITE_LAX &&
+      !net::HttpUtil::IsMethodSafe(http_method)) {
+    return CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE;
   }
   return same_site_context;
 }

net/cookies/cookie_util.h

@@ -97,6 +97,9 @@ NET_EXPORT std::string SerializeRequestCookieLine(
 // the user directly interacting with the browser UI, e.g. entering a URL
 // or selecting a bookmark.
 //
+// If |attach_same_site_cookies| is specified, all SameSite cookies will be
+// attached.
+//
 // See also documentation for corresponding methods on net::URLRequest.
 //
 // |http_method| is used to enforce the requirement that, in a context that's

net/cookies/cookie_util_unittest.cc

@@ -318,8 +318,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) {
           "GET", GURL("http://example.com"), GURL("http://notexample.com"),
           base::nullopt /*initiator*/, false /*attach_same_site_cookies*/));
 
-  // |attach_same_site_cookies| = true bypasses method and initiator
-  // checks, but not the |site_for_cookies| one.
+  // |attach_same_site_cookies| = true bypasses all checks.
   EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
             cookie_util::ComputeSameSiteContextForRequest(
                 "GET", GURL("http://example.com"), GURL("http://example.com"),
@@ -332,7 +331,7 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) {
                 url::Origin::Create(GURL("http://from-elsewhere.com")),
                 true /*attach_same_site_cookies*/));
 
-  EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE,
+  EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
             cookie_util::ComputeSameSiteContextForRequest(
                 "GET", GURL("http://example.com"), GURL("http://question.com"),
                 url::Origin::Create(GURL("http://from-elsewhere.com")),