Switch WebPushSender to credentials_mode.

This CL is part of a larger project to remove the LOAD_DO_NOT_* privacy load flags and replace them with the allow_credentials setting. See https://crbug.com/799935 and https://docs.google.com/document/d/1ntn9N7Ce2jozvvpWI0XbzJ7lJdwUjJXK07wp7rxrIN4 for the motivation for this change. Using credential_mode makes it harder to forget LOAD_DO_NOT_SEND_AUTH_DATA along with the two cookie flags. This has two implications: - The request will no longer participate in HTTP auth if the server requests it. HTTP auth credentials identify the user, so private requests should not send them. Note this only affects server auth, not proxy auth. Unless the server your feature speaks to requests HTTP auth, this is a no-op. - The request will be pooled with sockets used for uncredentialed requests, rather than credentialed requests. This is not expected to meaningfully change behavior. If your code requires HTTP authentication, let me know. You may need to allow credentials for your request. Bug: 799935 Change-Id: I64c4c87a16cfb70e1ffbb5abdcc9097c48ef9956 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1752745 Auto-Submit: David Benjamin <davidben@chromium.org> Reviewed-by: Jian Li <jianli@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#686598}

Switch WebPushSender to credentials_mode.
This CL is part of a larger project to remove the LOAD_DO_NOT_* privacy load flags and replace them with the allow_credentials setting. See https://crbug.com/799935 and https://docs.google.com/document/d/1ntn9N7Ce2jozvvpWI0XbzJ7lJdwUjJXK07wp7rxrIN4 for the motivation for this change. Using credential_mode makes it harder to forget LOAD_DO_NOT_SEND_AUTH_DATA along with the two cookie flags. This has two implications: - The request will no longer participate in HTTP auth if the server requests it. HTTP auth credentials identify the user, so private requests should not send them. Note this only affects server auth, not proxy auth. Unless the server your feature speaks to requests HTTP auth, this is a no-op. - The request will be pooled with sockets used for uncredentialed requests, rather than credentialed requests. This is not expected to meaningfully change behavior. If your code requires HTTP authentication, let me know. You may need to allow credentials for your request. Bug: 799935 Change-Id: I64c4c87a16cfb70e1ffbb5abdcc9097c48ef9956 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1752745 Auto-Submit: David Benjamin <davidben@chromium.org> Reviewed-by: Jian Li <jianli@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#686598}
86aa928c · David Benjamin · Commit Bot · 93140617 · 86aa928c
Commit 86aa928c authored Aug 13, 2019 by David Benjamin Committed by Commit Bot Aug 13, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 3 deletions

components/gcm_driver/web_push_sender.cc components/gcm_driver/web_push_sender.cc +1 -3

No files found.
--- a/components/gcm_driver/web_push_sender.cc
+++ b/components/gcm_driver/web_push_sender.cc
@@ -15,7 +15,6 @@
 #include "components/gcm_driver/crypto/json_web_token_util.h"
 #include "components/gcm_driver/crypto/p256_key_util.h"
 #include "components/gcm_driver/web_push_metrics.h"
-#include "net/base/load_flags.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_status_code.h"
 #include "services/network/public/cpp/cors/cors.h"
@@ -102,8 +101,7 @@ std::unique_ptr<network::SimpleURLLoader> BuildURLLoader(
  std::string server_url =
      base::StringPrintf(kFCMServerUrlFormat, fcm_token.c_str());
  resource_request->url = GURL(server_url);
-  resource_request->load_flags =
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
  resource_request->method = "POST";
  resource_request->headers.SetHeader(net::HttpRequestHeaders::kAuthorization,
                                      auth_header);