Remove two recent-access-based modifications to cookie SameSite behavior

This removes the features:
 - kRecentHttpSameSiteAccessGrantsLegacyCookieSemantics
 - kRecentCreationTimeGrantsLegacyCookieSemantics
which would modify SameSite cookie access semantics based on how
recently the cookie was accessed or created.

These features were never enabled, experimented with, or standardized,
and are now obsolete.

Bug: 1029099, 1029098
Change-Id: I0e91a29447f8a7579f1247797eb7aa644762390a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2495350Reviewed-by: Maksim Orlovich <morlovich@chromium.org>
Commit-Queue: Lily Chen <chlily@chromium.org>
Cr-Commit-Position: refs/heads/master@{#820775}

net/base/features.cc

@@ -135,22 +135,6 @@ const base::Feature kShortLaxAllowUnsafeThreshold{
 const base::Feature kSameSiteDefaultChecksMethodRigorously{
     "SameSiteDefaultChecksMethodRigorously", base::FEATURE_DISABLED_BY_DEFAULT};
 
-const base::Feature kRecentHttpSameSiteAccessGrantsLegacyCookieSemantics{
-    "RecentHttpSameSiteAccessGrantsLegacyCookieSemantics",
-    base::FEATURE_DISABLED_BY_DEFAULT};
-const base::FeatureParam<int>
-    kRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsMilliseconds{
-        &kRecentHttpSameSiteAccessGrantsLegacyCookieSemantics,
-        "RecentHttpSameSiteAccessGrantsLegacyCookieSemanticsMilliseconds", 0};
-
-const base::Feature kRecentCreationTimeGrantsLegacyCookieSemantics{
-    "RecentCreationTimeGrantsLegacyCookieSemantics",
-    base::FEATURE_DISABLED_BY_DEFAULT};
-const base::FeatureParam<int>
-    kRecentCreationTimeGrantsLegacyCookieSemanticsMilliseconds{
-        &kRecentCreationTimeGrantsLegacyCookieSemantics,
-        "RecentCreationTimeGrantsLegacyCookieSemanticsMilliseconds", 0};
-
 #if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
 const base::Feature kCertVerifierBuiltinFeature{
     "CertVerifierBuiltin", base::FEATURE_DISABLED_BY_DEFAULT};

net/base/features.h

@@ -212,29 +212,6 @@ NET_EXPORT extern const base::Feature kShortLaxAllowUnsafeThreshold;
 // This only has an effect if the cookie defaults to SameSite=Lax.
 NET_EXPORT extern const base::Feature kSameSiteDefaultChecksMethodRigorously;
 
-// If this is set and has a non-zero param value, any access to a cookie will be
-// granted Legacy access semantics if the last access to a cookie with the same
-// (name, domain, path) from a context that is same-site and permits
-// HttpOnly access occurred less than (param value) milliseconds ago. The last
-// eligible access must have occurred in the current browser session (i.e. it
-// does not persist across sessions). This feature does nothing if
-// kCookiesWithoutSameSiteMustBeSecure is not enabled.
-NET_EXPORT extern const base::Feature
-    kRecentHttpSameSiteAccessGrantsLegacyCookieSemantics;
-NET_EXPORT extern const base::FeatureParam<int>
-    kRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsMilliseconds;
-
-// Recently created cookies are granted legacy access semantics. If this is set
-// and has a non-zero integer param value, then for the first (param value)
-// milliseconds after the cookie is created, the cookie will behave as if it
-// were "legacy" i.e. not handled according to SameSiteByDefaultCookies/
-// CookiesWithoutSameSiteMustBeSecure rules.
-// This does nothing if SameSiteByDefaultCookies is not enabled.
-NET_EXPORT extern const base::Feature
-    kRecentCreationTimeGrantsLegacyCookieSemantics;
-NET_EXPORT extern const base::FeatureParam<int>
-    kRecentCreationTimeGrantsLegacyCookieSemanticsMilliseconds;
-
 #if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
 // When enabled, use the builtin cert verifier instead of the platform verifier.
 NET_EXPORT extern const base::Feature kCertVerifierBuiltinFeature;

net/cookies/cookie_monster.h

@@ -438,14 +438,6 @@ class NET_EXPORT CookieMonster : public CookieStore {
       base::Time* creation_date_to_inherit,
       CookieInclusionStatus* status);
 
-  // This is only used if the RecentCreationTimeGrantsLegacyCookieSemantics
-  // feature is enabled. It finds an equivalent cookie (based on name, domain,
-  // path) with the same value, if there is any, and returns its creation time,
-  // or the creation time of the |cookie| itself, if there is none.
-  base::Time EffectiveCreationTimeForMaybePreexistingCookie(
-      const std::string& key,
-      const CanonicalCookie& cookie) const;
-
   // Inserts |cc| into cookies_. Returns an iterator that points to the inserted
   // cookie in cookies_. Guarantee: all iterators to cookies_ remain valid.
   CookieMap::iterator InternalInsertCookie(
@@ -522,50 +514,12 @@ class NET_EXPORT CookieMonster : public CookieStore {
 
   bool HasCookieableScheme(const GURL& url);
 
-  // Get the cookie's access semantics (LEGACY or NONLEGACY), considering any
-  // features granting legacy semantics for special conditions (if any are
-  // active and meet the conditions for granting legacy access, pass true for
-  // |legacy_semantics_granted|). If none are active, this then checks for a
+  // Get the cookie's access semantics (LEGACY or NONLEGACY), by checking for a
   // value from the cookie access delegate, if it is non-null. Otherwise returns
   // UNKNOWN.
   CookieAccessSemantics GetAccessSemanticsForCookie(
-      const CanonicalCookie& cookie,
-      bool legacy_semantics_granted) const;
-
-  // This is called for getting a cookie.
-  CookieAccessSemantics GetAccessSemanticsForCookieGet(
       const CanonicalCookie& cookie) const;
 
-  // This is called for setting a cookie with the options specified by
-  // |options|. For setting a cookie, a same-site access is lax or better (since
-  // CookieOptions for setting a cookie will never be strict).
-  // |effective_creation_time| is the time that should be used for deciding
-  // whether the RecentCreationTimeGrantsLegacyCookieSemantics feature should
-  // grant legacy semantics. This may differ from the CreationDate() field of
-  // the cookie, if there was a preexisting equivalent cookie (in which case it
-  // is the creation time of that equivalent cookie).
-  CookieAccessSemantics GetAccessSemanticsForCookieSet(
-      const CanonicalCookie& cookie,
-      const CookieOptions& options,
-      base::Time effective_creation_time) const;
-
-  // Looks up the last time a cookie matching the (name, domain, path) of
-  // |cookie| was accessed in a same-site context permitting HttpOnly
-  // cookie access. If there was none, this returns a null base::Time.
-  // Returns null value if RecentHttpSameSiteAccessGrantsLegacyCookieSemantics
-  // is not enabled.
-  base::TimeTicks LastAccessFromHttpSameSiteContext(
-      const CanonicalCookie& cookie) const;
-
-  // Updates |last_http_same_site_accesses_| with the current time if the
-  // |options| are appropriate (same-site and permits HttpOnly access).
-  // |is_set| is true if the access is setting the cookie, false otherwise (e.g.
-  // if getting the cookie). Does nothing if
-  // RecentHttpSameSiteAccessGrantsLegacyCookieSemantics is not enabled.
-  void MaybeRecordCookieAccessWithOptions(const CanonicalCookie& cookie,
-                                          const CookieOptions& options,
-                                          bool is_set);
-
   // Statistics support
 
   // This function should be called repeatedly, and will record
@@ -663,17 +617,6 @@ class NET_EXPORT CookieMonster : public CookieStore {
   // wanted.  Thus this value is not initialized.
   base::Time earliest_access_time_;
 
-  // Records the last access to a cookie (either getting or setting) from a
-  // context that is both same-site and permits HttpOnly access.
-  // The access is considered same-site if it is at least laxly same-site for
-  // set, or strictly same-site for get.
-  // This information is used to determine if the feature
-  // kRecentSameSiteAccessGrantsLegacyCookieSemantics should grant legacy
-  // access semantics to a cookie for subsequent accesses.
-  // This map is not used if that feature is not enabled.
-  std::map<CanonicalCookie::UniqueCookieKey, base::TimeTicks>
-      last_http_same_site_accesses_;
-
   std::vector<std::string> cookieable_schemes_;
 
   base::Time last_statistic_record_time_;

net/cookies/cookie_util.cc

@@ -630,51 +630,6 @@ bool IsSchemefulSameSiteEnabled() {
   return base::FeatureList::IsEnabled(features::kSchemefulSameSite);
 }
 
-bool IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled() {
-  return IsSameSiteByDefaultCookiesEnabled() &&
-         base::FeatureList::IsEnabled(
-             features::kRecentHttpSameSiteAccessGrantsLegacyCookieSemantics) &&
-         features::
-                 kRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsMilliseconds
-                     .Get() > 0;
-}
-
-bool IsRecentCreationTimeGrantsLegacyCookieSemanticsEnabled() {
-  return IsSameSiteByDefaultCookiesEnabled() &&
-         base::FeatureList::IsEnabled(
-             features::kRecentCreationTimeGrantsLegacyCookieSemantics) &&
-         features::kRecentCreationTimeGrantsLegacyCookieSemanticsMilliseconds
-                 .Get() > 0;
-}
-
-bool DoesLastHttpSameSiteAccessGrantLegacySemantics(
-    base::TimeTicks last_http_same_site_access) {
-  if (last_http_same_site_access.is_null())
-    return false;
-  if (!IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled())
-    return false;
-
-  base::TimeDelta recency_threshold = base::TimeDelta::FromMilliseconds(
-      features::kRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsMilliseconds
-          .Get());
-  DCHECK(!recency_threshold.is_zero());
-  return (base::TimeTicks::Now() - last_http_same_site_access) <
-         recency_threshold;
-}
-
-bool DoesCreationTimeGrantLegacySemantics(base::Time creation_date) {
-  if (creation_date.is_null())
-    return false;
-  if (!IsRecentCreationTimeGrantsLegacyCookieSemanticsEnabled())
-    return false;
-
-  base::TimeDelta recency_threshold = base::TimeDelta::FromMilliseconds(
-      features::kRecentCreationTimeGrantsLegacyCookieSemanticsMilliseconds
-          .Get());
-  DCHECK(!recency_threshold.is_zero());
-  return (base::Time::Now() - creation_date) < recency_threshold;
-}
-
 base::OnceCallback<void(CookieAccessResult)> AdaptCookieAccessResultToBool(
     base::OnceCallback<void(bool)> callback) {
   return base::BindOnce(

net/cookies/cookie_util.h

@@ -230,21 +230,6 @@ NET_EXPORT bool IsSameSiteCompatPair(const CanonicalCookie& c1,
 NET_EXPORT bool IsSameSiteByDefaultCookiesEnabled();
 NET_EXPORT bool IsCookiesWithoutSameSiteMustBeSecureEnabled();
 NET_EXPORT bool IsSchemefulSameSiteEnabled();
-bool IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled();
-bool IsRecentCreationTimeGrantsLegacyCookieSemanticsEnabled();
-
-// Determines whether the last same-site access to a cookie should grant legacy
-// access semantics to the current attempted cookies access, based on the state
-// of the feature kRecentSameSiteAccessGrantsLegacyCookieSemantics, the value of
-// the feature param, and the time since the last eligible same-site access.
-bool DoesLastHttpSameSiteAccessGrantLegacySemantics(
-    base::TimeTicks last_http_same_site_access);
-
-// Determines whether the creation time of a cookie should grant legacy
-// access semantics to the current attempted cookies access, based on the state
-// of the feature kRecentCreationTimeGrantsLegacyCookieSemantics, the value of
-// the feature param, and the creation time of the cookie.
-bool DoesCreationTimeGrantLegacySemantics(base::Time creation_date);
 
 // Takes a callback accepting a CookieAccessResult and returns a callback
 // that accepts a bool, setting the bool to true if the CookieInclusionStatus