Access Context Auditing: use url::Origin for origins rather than GURL

Access Context Auditing relies on the concept of an origin in numerous places. These were previously represented as GURLs, this change moves all uses to use url::Origin instead. Bug: 1101675 Change-Id: Ibfef15789c598c3ce492eac359f3d807908942bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2279887 Commit-Queue: Theodore Olsauskas-Warren <sauski@google.com> Reviewed-by: Martin Šrámek <msramek@chromium.org> Cr-Commit-Position: refs/heads/master@{#785918}

Access Context Auditing: use url::Origin for origins rather than GURL
Access Context Auditing relies on the concept of an origin in numerous places. These were previously represented as GURLs, this change moves all uses to use url::Origin instead. Bug: 1101675 Change-Id: Ibfef15789c598c3ce492eac359f3d807908942bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2279887 Commit-Queue: Theodore Olsauskas-Warren <sauski@google.com> Reviewed-by: Martin Šrámek <msramek@chromium.org> Cr-Commit-Position: refs/heads/master@{#785918}
e18617cc · sauski · Commit Bot · 360dafd7 · e18617cc · e18617cc
Commit e18617cc authored Jul 07, 2020 by sauski Committed by Commit Bot Jul 07, 2020
8 changed files
--- a/chrome/browser/browsing_data/access_context_audit_browsertest.cc
+++ b/chrome/browser/browsing_data/access_context_audit_browsertest.cc
@@ -34,8 +34,6 @@ namespace {
 // Use host names that are explicitly included in test certificates.
 constexpr char kTopLevelHost[] = "a.test";
 constexpr char kEmbeddedHost[] = "b.test";
-constexpr char kTopLevelHostAsOrigin[] = "https://a.test";
-constexpr char kEmbeddedHostAsOrigin[] = "https://b.test";

 std::string GetPathWithHostAndPortReplaced(const std::string& original_path,
                                           net::HostPortPair host_port_pair) {
@@ -52,7 +50,7 @@ std::string GetPathWithHostAndPortReplaced(const std::string& original_path,
 void CheckContainsCookieAndRecord(
    const std::vector<net::CanonicalCookie>& cookies,
    const std::vector<AccessContextAuditDatabase::AccessRecord>& record_list,
-    const GURL& top_frame_origin,
+    const url::Origin& top_frame_origin,
    const std::string& name,
    const std::string& domain,
    const std::string& path,
@@ -127,8 +125,12 @@ class AccessContextAuditBrowserTest : public InProcessBrowserTest {
    return cookies_out;
  }

-  GURL top_level_origin() { return top_level_.GetURL(kTopLevelHost, "/"); }
-  GURL embedded_origin() { return embedded_.GetURL(kEmbeddedHost, "/"); }
+  url::Origin top_level_origin() {
+    return url::Origin::Create(top_level_.GetURL(kTopLevelHost, "/"));
+  }
+  url::Origin embedded_origin() {
+    return url::Origin::Create(embedded_.GetURL(kEmbeddedHost, "/"));
+  }

 protected:
  base::test::ScopedFeatureList feature_list_;
@@ -180,13 +182,13 @@ IN_PROC_BROWSER_TEST_F(AccessContextAuditBrowserTest, PRE_RemoveRecords) {
  auto cookies = GetAllCookies();
  EXPECT_EQ(records.size(), 3u);
  EXPECT_EQ(cookies.size(), 2u);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kTopLevelHostAsOrigin),
-                               "embedder", kTopLevelHost, "/",
+  CheckContainsCookieAndRecord(cookies, records, top_level_origin(), "embedder",
+                               kTopLevelHost, "/",
                               /*compare_host_only*/ true);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kTopLevelHostAsOrigin),
+  CheckContainsCookieAndRecord(cookies, records, top_level_origin(),
                               "persistent", kEmbeddedHost, "/",
                               /*compare_host_only*/ true);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kEmbeddedHostAsOrigin),
+  CheckContainsCookieAndRecord(cookies, records, embedded_origin(),
                               "persistent", kEmbeddedHost, "/",
                               /*compare_host_only*/ true);
 }
@@ -287,19 +289,19 @@ IN_PROC_BROWSER_TEST_F(AccessContextAuditSessionRestoreBrowserTest,
  auto cookies = GetAllCookies();
  EXPECT_EQ(records.size(), 5u);
  EXPECT_EQ(cookies.size(), 3u);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kTopLevelHostAsOrigin),
-                               "embedder", kTopLevelHost, "/",
+  CheckContainsCookieAndRecord(cookies, records, top_level_origin(), "embedder",
+                               kTopLevelHost, "/",
                               /*compare_host_only*/ true);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kTopLevelHostAsOrigin),
+  CheckContainsCookieAndRecord(cookies, records, top_level_origin(),
                               "session_only", kEmbeddedHost, "/",
                               /*compare_host_only*/ true);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kTopLevelHostAsOrigin),
+  CheckContainsCookieAndRecord(cookies, records, top_level_origin(),
                               "persistent", kEmbeddedHost, "/",
                               /*compare_host_only*/ true);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kEmbeddedHostAsOrigin),
+  CheckContainsCookieAndRecord(cookies, records, embedded_origin(),
                               "persistent", kEmbeddedHost, "/",
                               /*compare_host_only*/ true);
-  CheckContainsCookieAndRecord(cookies, records, GURL(kEmbeddedHostAsOrigin),
+  CheckContainsCookieAndRecord(cookies, records, embedded_origin(),
                               "session_only", kEmbeddedHost, "/",
                               /*compare_host_only*/ true);
 }
--- a/chrome/browser/browsing_data/access_context_audit_database.cc
+++ b/chrome/browser/browsing_data/access_context_audit_database.cc
@@ -75,7 +75,7 @@ bool DeleteNonPersistentCookies(sql::Database* db) {
 }  // namespace

 AccessContextAuditDatabase::AccessRecord::AccessRecord(
-    const GURL& top_frame_origin,
+    const url::Origin& top_frame_origin,
    const std::string& name,
    const std::string& domain,
    const std::string& path,
@@ -90,9 +90,9 @@ AccessContextAuditDatabase::AccessRecord::AccessRecord(
      is_persistent(is_persistent) {}

 AccessContextAuditDatabase::AccessRecord::AccessRecord(
-    const GURL& top_frame_origin,
+    const url::Origin& top_frame_origin,
    const StorageAPIType& type,
-    const GURL& origin,
+    const url::Origin& origin,
    const base::Time& last_access_time)
    : top_frame_origin(top_frame_origin),
      type(type),
@@ -228,7 +228,7 @@ void AccessContextAuditDatabase::AddRecords(

  for (const auto& record : records) {
    if (record.type == StorageAPIType::kCookie) {
-      insert_cookie.BindString(0, record.top_frame_origin.GetOrigin().spec());
+      insert_cookie.BindString(0, record.top_frame_origin.Serialize());
      insert_cookie.BindString(1, record.name);
      insert_cookie.BindString(2, record.domain);
      insert_cookie.BindString(3, record.path);
@@ -242,10 +242,9 @@ void AccessContextAuditDatabase::AddRecords(

      insert_cookie.Reset(true);
    } else {
-      insert_storage_api.BindString(0,
-                                    record.top_frame_origin.GetOrigin().spec());
+      insert_storage_api.BindString(0, record.top_frame_origin.Serialize());
      insert_storage_api.BindInt(1, static_cast<int>(record.type));
-      insert_storage_api.BindString(2, record.origin.GetOrigin().spec());
+      insert_storage_api.BindString(2, record.origin.Serialize());
      insert_storage_api.BindInt64(
          3,
          record.last_access_time.ToDeltaSinceWindowsEpoch().InMicroseconds());
@@ -271,7 +270,7 @@ void AccessContextAuditDatabase::RemoveRecord(const AccessRecord& record) {
        " WHERE top_frame_origin = ? AND name = ? AND domain = ? AND path = ?");
    remove_statement.Assign(
        db_.GetCachedStatement(SQL_FROM_HERE, remove.c_str()));
-    remove_statement.BindString(0, record.top_frame_origin.GetOrigin().spec());
+    remove_statement.BindString(0, record.top_frame_origin.Serialize());
    remove_statement.BindString(1, record.name);
    remove_statement.BindString(2, record.domain);
    remove_statement.BindString(3, record.path);
@@ -280,9 +279,9 @@ void AccessContextAuditDatabase::RemoveRecord(const AccessRecord& record) {
    remove.append(" WHERE top_frame_origin = ? AND type = ? AND origin = ?");
    remove_statement.Assign(
        db_.GetCachedStatement(SQL_FROM_HERE, remove.c_str()));
-    remove_statement.BindString(0, record.top_frame_origin.GetOrigin().spec());
+    remove_statement.BindString(0, record.top_frame_origin.Serialize());
    remove_statement.BindInt(1, static_cast<int>(record.type));
-    remove_statement.BindString(2, record.origin.GetOrigin().spec());
+    remove_statement.BindString(2, record.origin.Serialize());
  }
  remove_statement.Run();
 }
@@ -311,9 +310,10 @@ void AccessContextAuditDatabase::RemoveSessionOnlyRecords(
  sql::Statement select_storage_origins(
      db_.GetCachedStatement(SQL_FROM_HERE, select.c_str()));

-  std::vector<GURL> storage_origins;
+  std::vector<url::Origin> storage_origins;
  while (select_storage_origins.Step()) {
-    storage_origins.emplace_back(GURL(select_storage_origins.ColumnString(0)));
+    storage_origins.emplace_back(
+        url::Origin::Create(GURL(select_storage_origins.ColumnString(0))));
  }

  // Remove records for all cookie domains and storage origins for which the
@@ -347,10 +347,10 @@ void AccessContextAuditDatabase::RemoveSessionOnlyRecords(
  for (const auto& origin : storage_origins) {
    // TODO(crbug.com/1099164): Rename IsCookieSessionOnly to better convey
    //                          its actual functionality.
-    if (!cookie_settings->IsCookieSessionOnly(origin))
+    if (!cookie_settings->IsCookieSessionOnly(origin.GetURL()))
      continue;

-    remove_storage_apis.BindString(0, origin.spec());
+    remove_storage_apis.BindString(0, origin.Serialize());
    if (!remove_storage_apis.Run())
      return;
    remove_storage_apis.Reset(true);
@@ -376,7 +376,7 @@ void AccessContextAuditDatabase::RemoveAllRecordsForCookie(
 }

 void AccessContextAuditDatabase::RemoveAllRecordsForOriginStorage(
-    const GURL& origin,
+    const url::Origin& origin,
    StorageAPIType type) {
  std::string remove;
  remove.append("DELETE FROM ");
@@ -384,7 +384,7 @@ void AccessContextAuditDatabase::RemoveAllRecordsForOriginStorage(
  remove.append(" WHERE origin = ? AND type = ?");
  sql::Statement remove_statement(
      db_.GetCachedStatement(SQL_FROM_HERE, remove.c_str()));
-  remove_statement.BindString(0, origin.GetOrigin().spec());
+  remove_statement.BindString(0, origin.Serialize());
  remove_statement.BindInt(1, static_cast<int>(type));
  remove_statement.Run();
 }
@@ -403,8 +403,9 @@ AccessContextAuditDatabase::GetAllRecords() {

  while (select_cookies.Step()) {
    records.emplace_back(
-        GURL(select_cookies.ColumnString(0)), select_cookies.ColumnString(1),
-        select_cookies.ColumnString(2), select_cookies.ColumnString(3),
+        url::Origin::Create(GURL(select_cookies.ColumnString(0))),
+        select_cookies.ColumnString(1), select_cookies.ColumnString(2),
+        select_cookies.ColumnString(3),
        base::Time::FromDeltaSinceWindowsEpoch(
            base::TimeDelta::FromMicroseconds(select_cookies.ColumnInt64(4))),
        select_cookies.ColumnBool(5));
@@ -418,9 +419,9 @@ AccessContextAuditDatabase::GetAllRecords() {

  while (select_storage_api.Step()) {
    records.emplace_back(
-        GURL(select_storage_api.ColumnString(0)),
+        url::Origin::Create(GURL(select_storage_api.ColumnString(0))),
        static_cast<StorageAPIType>(select_storage_api.ColumnInt(1)),
-        GURL(select_storage_api.ColumnString(2)),
+        url::Origin::Create(GURL(select_storage_api.ColumnString(2))),
        base::Time::FromDeltaSinceWindowsEpoch(
            base::TimeDelta::FromMicroseconds(
                select_storage_api.ColumnInt64(3))));

--- a/chrome/browser/browsing_data/access_context_audit_database.h
+++ b/chrome/browser/browsing_data/access_context_audit_database.h
@@ -13,7 +13,7 @@
 #include "sql/init_status.h"
 #include "sql/meta_table.h"
 #include "sql/test/test_helpers.h"
-#include "url/gurl.h"
+#include "url/origin.h"

 // Provides the backend SQLite storage to support access context auditing. This
 // requires storing information associating individual client-side storage API
@@ -38,21 +38,21 @@ class AccessContextAuditDatabase
  // An individual record of a Storage API access, associating the individual
  // API usage with a top level frame origin.
  struct AccessRecord {
-    AccessRecord(const GURL& top_frame_origin,
+    AccessRecord(const url::Origin& top_frame_origin,
                 const std::string& name,
                 const std::string& domain,
                 const std::string& path,
                 const base::Time& last_access_time,
                 bool is_persistent);
-    AccessRecord(const GURL& top_frame_origin,
+    AccessRecord(const url::Origin& top_frame_origin,
                 const StorageAPIType& type,
-                 const GURL& origin,
+                 const url::Origin& origin,
                 const base::Time& last_access_time);
    ~AccessRecord();
    AccessRecord(const AccessRecord& other);
    AccessRecord& operator=(const AccessRecord& other);

-    GURL top_frame_origin;
+    url::Origin top_frame_origin;
    StorageAPIType type;

    // Identifies a canonical cookie, only used when |type| is kCookie.
@@ -61,7 +61,7 @@ class AccessContextAuditDatabase
    std::string path;

    // Identifies an origin-keyed storage API, used when |type| is NOT kCookie.
-    GURL origin;
+    url::Origin origin;

    base::Time last_access_time;

@@ -91,7 +91,7 @@ class AccessContextAuditDatabase
                                 const std::string& path);

  // Remove all records of access to |origin|'s storage API of |type|.
-  void RemoveAllRecordsForOriginStorage(const GURL& origin,
+  void RemoveAllRecordsForOriginStorage(const url::Origin& origin,
                                        StorageAPIType type);

  // Removes all records for cookie domains and API origins that match session

--- a/chrome/browser/browsing_data/access_context_audit_database_unittest.cc
+++ b/chrome/browser/browsing_data/access_context_audit_database_unittest.cc
@@ -96,52 +96,58 @@ class AccessContextAuditDatabaseTest : public testing::Test {
  std::vector<AccessContextAuditDatabase::AccessRecord> GetTestRecords() {
    return {
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test.com"),
+            url::Origin::Create(GURL("https://test.com")),
            AccessContextAuditDatabase::StorageAPIType::kLocalStorage,
-            GURL("https://test.com"),
+            url::Origin::Create(GURL("https://test.com")),
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(1))),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test2.com:8000"),
+            url::Origin::Create(GURL("https://test2.com:8000")),
            AccessContextAuditDatabase::StorageAPIType::kLocalStorage,
-            GURL("https://test.com"),
+            url::Origin::Create(GURL("https://test.com")),
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(2))),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test2.com"), "cookie1", "test.com", "/",
+            url::Origin::Create(GURL("https://test2.com:8000")), "cookie1",
+            "test.com", "/",
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(3)),
            /* is_persistent */ true),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test2.com"), kManyContextsCookieName,
-            kManyContextsCookieDomain, kManyContextsCookiePath,
+            url::Origin::Create(GURL("https://test2.com")),
+            kManyContextsCookieName, kManyContextsCookieDomain,
+            kManyContextsCookiePath,
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(4)),
            /* is_persistent */ true),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test3.com"), kManyContextsCookieName,
-            kManyContextsCookieDomain, kManyContextsCookiePath,
+            url::Origin::Create(GURL("https://test3.com")),
+            kManyContextsCookieName, kManyContextsCookieDomain,
+            kManyContextsCookiePath,
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(4)),
            /* is_persistent */ true),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test4.com:8000"), kManyContextsStorageAPIType,
-            GURL(kManyContextsStorageAPIOrigin),
+            url::Origin::Create(GURL("https://test4.com:8000")),
+            kManyContextsStorageAPIType,
+            url::Origin::Create(GURL(kManyContextsStorageAPIOrigin)),
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(5))),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test5.com:8000"), kManyContextsStorageAPIType,
-            GURL(kManyContextsStorageAPIOrigin),
+            url::Origin::Create(GURL("https://test5.com:8000")),
+            kManyContextsStorageAPIType,
+            url::Origin::Create(GURL(kManyContextsStorageAPIOrigin)),
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(6))),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test5.com:8000"), kSingleContextStorageAPIType,
-            GURL(kManyContextsStorageAPIOrigin),
+            url::Origin::Create(GURL("https://test5.com:8000")),
+            kSingleContextStorageAPIType,
+            url::Origin::Create(GURL(kManyContextsStorageAPIOrigin)),
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(7))),
        AccessContextAuditDatabase::AccessRecord(
-            GURL("https://test6.com"), "non-persistent-cookie",
-            "non-persistent-domain", "/",
+            url::Origin::Create(GURL("https://test6.com")),
+            "non-persistent-cookie", "non-persistent-domain", "/",
            base::Time::FromDeltaSinceWindowsEpoch(
                base::TimeDelta::FromHours(8)),
            /* is_persistent */ false),
@@ -323,15 +329,16 @@ TEST_F(AccessContextAuditDatabaseTest, RemoveAllStorageRecords) {
  ValidateDatabaseRecords(database(), test_records);

  database()->RemoveAllRecordsForOriginStorage(
-      GURL(kManyContextsStorageAPIOrigin), kManyContextsStorageAPIType);
+      url::Origin::Create(GURL(kManyContextsStorageAPIOrigin)),
+      kManyContextsStorageAPIType);

  test_records.erase(
      std::remove_if(
          test_records.begin(), test_records.end(),
          [=](const AccessContextAuditDatabase::AccessRecord& record) {
            return (record.type == kManyContextsStorageAPIType &&
-                    record.origin.GetOrigin() ==
-                        GURL(kManyContextsStorageAPIOrigin).GetOrigin());
+                    record.origin == url::Origin::Create(
+                                         GURL(kManyContextsStorageAPIOrigin)));
          }),
      test_records.end());
  ValidateDatabaseRecords(database(), test_records);

--- a/chrome/browser/browsing_data/access_context_audit_service.cc
+++ b/chrome/browser/browsing_data/access_context_audit_service.cc
@@ -47,7 +47,7 @@ bool AccessContextAuditService::Init(

 void AccessContextAuditService::RecordCookieAccess(
    const net::CookieList& accessed_cookies,
-    const GURL& top_frame_origin) {
+    const url::Origin& top_frame_origin) {
  auto now = base::Time::Now();
  std::vector<AccessContextAuditDatabase::AccessRecord> access_records;
  for (const auto& cookie : accessed_cookies) {
@@ -66,9 +66,9 @@ void AccessContextAuditService::RecordCookieAccess(
 }

 void AccessContextAuditService::RecordStorageAPIAccess(
-    const GURL& storage_origin,
+    const url::Origin& storage_origin,
    AccessContextAuditDatabase::StorageAPIType type,
-    const GURL& top_frame_origin) {
+    const url::Origin& top_frame_origin) {
  std::vector<AccessContextAuditDatabase::AccessRecord> access_record = {
      AccessContextAuditDatabase::AccessRecord(
          top_frame_origin, type, storage_origin, base::Time::Now())};

--- a/chrome/browser/browsing_data/access_context_audit_service.h
+++ b/chrome/browser/browsing_data/access_context_audit_service.h
@@ -31,13 +31,13 @@ class AccessContextAuditService

  // Records accesses for all cookies in |details| against |top_frame_origin|.
  void RecordCookieAccess(const net::CookieList& accessed_cookies,
-                          const GURL& top_frame_origin);
+                          const url::Origin& top_frame_origin);

  // Records access for |storage_origin|'s storage of |type| against
  // |top_frame_origin|.
-  void RecordStorageAPIAccess(const GURL& storage_origin,
+  void RecordStorageAPIAccess(const url::Origin& storage_origin,
                              AccessContextAuditDatabase::StorageAPIType type,
-                              const GURL& top_frame_origin);
+                              const url::Origin& top_frame_origin);

  // Queries database for all access context records, which are provided via
  // |callback|.

--- a/chrome/browser/browsing_data/access_context_audit_service_unittest.cc
+++ b/chrome/browser/browsing_data/access_context_audit_service_unittest.cc
@@ -28,7 +28,7 @@ namespace {
 // |top_frame_origin|.
 void CheckContainsCookieRecord(
    net::CanonicalCookie* cookie,
-    GURL top_frame_origin,
+    url::Origin top_frame_origin,
    const std::vector<AccessContextAuditDatabase::AccessRecord>& records) {
  EXPECT_NE(
      std::find_if(
@@ -49,9 +49,9 @@ void CheckContainsCookieRecord(
 // Checks that info in |record| matches storage API access defined by
 // |storage_origin|, |type| and |top_frame_origin|
 void CheckContainsStorageAPIRecord(
-    GURL storage_origin,
+    url::Origin storage_origin,
    AccessContextAuditDatabase::StorageAPIType type,
-    GURL top_frame_origin,
+    url::Origin top_frame_origin,
    const std::vector<AccessContextAuditDatabase::AccessRecord>& records) {
  EXPECT_NE(
      std::find_if(records.begin(), records.end(),
@@ -159,9 +159,9 @@ TEST_F(AccessContextAuditServiceTest, CookieRecords) {
      kTestCookieURL, kTestNonPersistentCookieName + "=1",
      initial_cookie_access_time, base::nullopt /* server_time */);
  // Record access to these cookies against a URL.
-  GURL kTopFrameURL("https://test.com");
+  url::Origin kTopFrameOrigin = url::Origin::Create(GURL("https://test.com"));
  service()->RecordCookieAccess({*test_cookie, *test_non_persistent_cookie},
-                                kTopFrameURL);
+                                kTopFrameOrigin);

  // Ensure that the record of these accesses is correctly returned.
  service()->GetAllAccessRecords(
@@ -170,9 +170,9 @@ TEST_F(AccessContextAuditServiceTest, CookieRecords) {
  browser_task_environment_.RunUntilIdle();

  EXPECT_EQ(2u, GetReturnedRecords().size());
-  CheckContainsCookieRecord(test_cookie.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_cookie.get(), kTopFrameOrigin,
                            GetReturnedRecords());
-  CheckContainsCookieRecord(test_non_persistent_cookie.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_non_persistent_cookie.get(), kTopFrameOrigin,
                            GetReturnedRecords());

  // Check that informing the service of non-deletion changes to the cookies
@@ -190,9 +190,9 @@ TEST_F(AccessContextAuditServiceTest, CookieRecords) {
  browser_task_environment_.RunUntilIdle();

  EXPECT_EQ(2u, GetReturnedRecords().size());
-  CheckContainsCookieRecord(test_cookie.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_cookie.get(), kTopFrameOrigin,
                            GetReturnedRecords());
-  CheckContainsCookieRecord(test_non_persistent_cookie.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_non_persistent_cookie.get(), kTopFrameOrigin,
                            GetReturnedRecords());

  // Check that a repeated access correctly updates associated timestamp.
@@ -201,7 +201,7 @@ TEST_F(AccessContextAuditServiceTest, CookieRecords) {
  test_cookie->SetLastAccessDate(repeat_cookie_access_time);
  test_non_persistent_cookie->SetLastAccessDate(repeat_cookie_access_time);
  service()->RecordCookieAccess({*test_cookie, *test_non_persistent_cookie},
-                                kTopFrameURL);
+                                kTopFrameOrigin);

  ClearReturnedRecords();
  service()->GetAllAccessRecords(
@@ -210,9 +210,9 @@ TEST_F(AccessContextAuditServiceTest, CookieRecords) {
  browser_task_environment_.RunUntilIdle();

  EXPECT_EQ(2u, GetReturnedRecords().size());
-  CheckContainsCookieRecord(test_cookie.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_cookie.get(), kTopFrameOrigin,
                            GetReturnedRecords());
-  CheckContainsCookieRecord(test_non_persistent_cookie.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_non_persistent_cookie.get(), kTopFrameOrigin,
                            GetReturnedRecords());

  // Inform the service the cookies have been deleted and check they are no
@@ -239,7 +239,8 @@ TEST_F(AccessContextAuditServiceTest, ExpiredCookies) {
      kTestURL, "test_1=1; expires=Thu, 01 Jan 1970 00:00:00 GMT",
      base::Time::Now(), base::nullopt /* server_time */);

-  service()->RecordCookieAccess({*test_cookie_expired}, kTestURL);
+  service()->RecordCookieAccess({*test_cookie_expired},
+                                url::Origin::Create(kTestURL));

  service()->GetAllAccessRecords(
      base::BindOnce(&AccessContextAuditServiceTest::AccessRecordCallback,
@@ -254,7 +255,7 @@ TEST_F(AccessContextAuditServiceTest, SessionOnlyRecords) {
  const GURL kTestPersistentURL("https://persistent.com");
  const GURL kTestSessionOnlyExplicitURL("https://explicit-session-only.com");
  const GURL kTestSessionOnlyContentSettingURL("https://content-setting.com");
-  const GURL kTopFrameURL("https://test.com");
+  url::Origin kTopFrameOrigin = url::Origin::Create(GURL("https://test.com"));
  std::string kTestCookieName = "test";
  const auto kTestStorageType =
      AccessContextAuditDatabase::StorageAPIType::kWebDatabase;
@@ -279,14 +280,15 @@ TEST_F(AccessContextAuditServiceTest, SessionOnlyRecords) {
  service()->RecordCookieAccess(
      {*test_cookie_persistent, *test_cookie_session_only_explicit,
       *test_cookie_session_only_content_setting},
-      kTopFrameURL);
+      kTopFrameOrigin);

  // Record storage APIs for both persistent and content setting based session
  // only URLs.
-  service()->RecordStorageAPIAccess(kTestPersistentURL, kTestStorageType,
-                                    kTopFrameURL);
-  service()->RecordStorageAPIAccess(kTestSessionOnlyContentSettingURL,
-                                    kTestStorageType, kTopFrameURL);
+  service()->RecordStorageAPIAccess(url::Origin::Create(kTestPersistentURL),
+                                    kTestStorageType, kTopFrameOrigin);
+  service()->RecordStorageAPIAccess(
+      url::Origin::Create(kTestSessionOnlyContentSettingURL), kTestStorageType,
+      kTopFrameOrigin);

  // Ensure all records have been initially recorded.
  service()->GetAllAccessRecords(
@@ -313,10 +315,11 @@ TEST_F(AccessContextAuditServiceTest, SessionOnlyRecords) {
  browser_task_environment_.RunUntilIdle();

  ASSERT_EQ(3u, GetReturnedRecords().size());
-  CheckContainsCookieRecord(test_cookie_persistent.get(), kTopFrameURL,
+  CheckContainsCookieRecord(test_cookie_persistent.get(), kTopFrameOrigin,
                            GetReturnedRecords());
  CheckContainsCookieRecord(test_cookie_session_only_explicit.get(),
-                            kTopFrameURL, GetReturnedRecords());
-  CheckContainsStorageAPIRecord(kTestPersistentURL, kTestStorageType,
-                                kTopFrameURL, GetReturnedRecords());
+                            kTopFrameOrigin, GetReturnedRecords());
+  CheckContainsStorageAPIRecord(url::Origin::Create(GURL(kTestPersistentURL)),
+                                kTestStorageType, kTopFrameOrigin,
+                                GetReturnedRecords());
 }
--- a/chrome/browser/content_settings/tab_specific_content_settings_delegate.cc
+++ b/chrome/browser/content_settings/tab_specific_content_settings_delegate.cc
@@ -164,7 +164,8 @@ void TabSpecificContentSettingsDelegate::OnCookieAccessAllowed(
          Profile::FromBrowserContext(web_contents()->GetBrowserContext()));
  if (access_context_audit_service)
    access_context_audit_service->RecordCookieAccess(
-        accessed_cookies, web_contents()->GetLastCommittedURL().GetOrigin());
+        accessed_cookies,
+        url::Origin::Create(web_contents()->GetLastCommittedURL()));
 #endif  // !defined(OS_ANDROID)
 }