Add supervised argument in the X-Chrome-Connected header.

This CL adds a "supervised" argument to the X-Chrome-Connected header
when the account that is signed in to Chrome is a child account.

Design document (Google internal):
https://docs.google.com/document/d/1u5PUBIeTxXiKSpqJHDiSuc9hJ2Y9_Te4ja5eJdLfZk4/edit?usp=sharing

Bug: 1103228

Change-Id: Ic90021207213d926ed2dbb54b78eb4d9559a0da3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431524
Commit-Queue: Mihai Sardarescu <msarda@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813007}

chrome/browser/search/one_google_bar/one_google_bar_loader_impl.cc

@@ -204,11 +204,16 @@ void OneGoogleBarLoaderImpl::AuthenticatedURLLoader::SetRequestHeaders(
     profile_mode = signin::PROFILE_MODE_INCOGNITO_DISABLED |
                    signin::PROFILE_MODE_ADD_ACCOUNT_DISABLED;
   }
+
+  // TODO(crbug.com/1134045): Check whether the child account status should also
+  // be sent in the Mirror request header when loading the local version of
+  // OneGoogleBar.
   std::string chrome_connected_header_value =
       chrome_connected_header_helper.BuildRequestHeader(
           /*is_header_request=*/true, api_url_,
           // Gaia ID is only needed for (drive|docs).google.com.
-          /*gaia_id=*/std::string(), profile_mode,
+          /*gaia_id=*/std::string(),
+          /* is_child_account=*/base::nullopt, profile_mode,
           signin::kChromeMirrorHeaderSource,
           /*force_account_consistency=*/false);
   if (!chrome_connected_header_value.empty()) {

chrome/browser/signin/chrome_signin_helper.cc

@@ -500,6 +500,7 @@ void FixAccountConsistencyRequestHeader(
     int incognito_availibility,
     AccountConsistencyMethod account_consistency,
     std::string gaia_id,
+    const base::Optional<bool>& is_child_account,
 #if defined(OS_CHROMEOS)
     bool is_secondary_account_addition_allowed,
 #endif
@@ -547,8 +548,8 @@ void FixAccountConsistencyRequestHeader(
 
   // Mirror header:
   AppendOrRemoveMirrorRequestHeader(
-      request, redirect_url, gaia_id, account_consistency, cookie_settings,
-      profile_mode_mask, kChromeMirrorHeaderSource,
+      request, redirect_url, gaia_id, is_child_account, account_consistency,
+      cookie_settings, profile_mode_mask, kChromeMirrorHeaderSource,
       /*force_account_consistency=*/false);
 }
 

chrome/browser/signin/chrome_signin_helper.h

@@ -95,6 +95,7 @@ void FixAccountConsistencyRequestHeader(
     int incognito_availibility,
     AccountConsistencyMethod account_consistency,
     std::string gaia_id,
+    const base::Optional<bool>& is_child_account,
 #if defined(OS_CHROMEOS)
     bool is_secondary_account_addition_allowed,
 #endif

chrome/browser/signin/chromeos_mirror_account_consistency_browsertest.cc

@@ -126,11 +126,16 @@ IN_PROC_BROWSER_TEST_F(ChromeOsMirrorAccountConsistencyTest,
   PrefService* prefs = profile->GetPrefs();
   prefs->SetInteger(prefs::kIncognitoModeAvailability,
                     IncognitoModePrefs::DISABLED);
-
   ASSERT_EQ(1, signin::PROFILE_MODE_INCOGNITO_DISABLED);
+
+  // TODO(http://crbug.com/1134144): This test seems to test supervised profiles
+  // instead of child accounts. With the current implementation,
+  // X-Chrome-Connected header gets a supervised=true argument only for child
+  // profiles. Verify if these tests needs to be updated to use child accounts
+  // or whether supervised profiles need to be supported as well.
   TestMirrorRequestForProfile(
       test_server_.get(), profile,
-      "source=Chrome,mode=1,enable_account_consistency=true,"
+      "source=Chrome,mode=1,enable_account_consistency=true,supervised=false,"
       "consistency_enabled_by_default=false");
 }
 
@@ -150,6 +155,6 @@ IN_PROC_BROWSER_TEST_F(ChromeOsMirrorAccountConsistencyTest,
       AccountConsistencyModeManager::IsMirrorEnabledForProfile(profile));
   TestMirrorRequestForProfile(
       test_server_.get(), profile,
-      "source=Chrome,mode=0,enable_account_consistency=true,"
+      "source=Chrome,mode=0,enable_account_consistency=true,supervised=false,"
       "consistency_enabled_by_default=false");
 }

chrome/browser/signin/header_modification_delegate_impl.cc

@@ -72,13 +72,26 @@ void HeaderModificationDelegateImpl::ProcessRequest(
     consent_level = ConsentLevel::kNotRequired;
 #endif
 
+  IdentityManager* identity_manager =
+      IdentityManagerFactory::GetForProfile(profile_);
+  CoreAccountInfo account =
+      identity_manager->GetPrimaryAccountInfo(consent_level);
+  base::Optional<bool> is_child_account = base::nullopt;
+  if (!account.IsEmpty()) {
+    base::Optional<AccountInfo> extended_account_info =
+        identity_manager->FindExtendedAccountInfoForAccountWithRefreshToken(
+            account);
+    if (extended_account_info.has_value()) {
+      is_child_account = base::make_optional<bool>(
+          extended_account_info.value().is_child_account);
+    }
+  }
+
   FixAccountConsistencyRequestHeader(
       request_adapter, redirect_url, profile_->IsOffTheRecord(),
       prefs->GetInteger(prefs::kIncognitoModeAvailability),
       AccountConsistencyModeManager::GetMethodForProfile(profile_),
-      IdentityManagerFactory::GetForProfile(profile_)
-          ->GetPrimaryAccountInfo(consent_level)
-          .gaia,
+      account.gaia, is_child_account,
 #if defined(OS_CHROMEOS)
       is_secondary_account_addition_allowed,
 #endif

components/signin/core/browser/chrome_connected_header_helper.cc

@@ -32,6 +32,7 @@ const char kIsSameTabAttrName[] = "is_same_tab";
 const char kIsSamlAttrName[] = "is_saml";
 const char kProfileModeAttrName[] = "mode";
 const char kServiceTypeAttrName[] = "action";
+const char kSupervisedAttrName[] = "supervised";
 const char kSourceAttrName[] = "source";
 #if defined(OS_ANDROID) || defined(OS_IOS)
 const char kEligibleForConsistency[] = "eligible_for_consistency";
@@ -70,9 +71,13 @@ std::string ChromeConnectedHeaderHelper::BuildRequestCookieIfPossible(
   ChromeConnectedHeaderHelper chrome_connected_helper(account_consistency);
   if (!chrome_connected_helper.ShouldBuildRequestHeader(url, cookie_settings))
     return "";
+
+  // Child accounts are not supported on iOS, so it is preferred to not include
+  // this information in the ChromeConnected cookie.
   return chrome_connected_helper.BuildRequestHeader(
-      false /* is_header_request */, url, gaia_id, profile_mode_mask,
-      "" /* source */, false /* force_account_consistency */);
+      false /* is_header_request */, url, gaia_id,
+      base::nullopt /* is_child_account */, profile_mode_mask, "" /* source */,
+      false /* force_account_consistency */);
 }
 
 // static
@@ -178,6 +183,7 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
     bool is_header_request,
     const GURL& url,
     const std::string& gaia_id,
+    const base::Optional<bool>& is_child_account,
     int profile_mode_mask,
     const std::string& source,
     bool force_account_consistency) {
@@ -220,6 +226,11 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
       account_consistency_ == AccountConsistencyMethod::kMirror;
   parts.push_back(base::StringPrintf("%s=%s", kEnableAccountConsistencyAttrName,
                                      is_mirror_enabled ? "true" : "false"));
+  if (is_child_account.has_value()) {
+    parts.push_back(
+        base::StringPrintf("%s=%s", kSupervisedAttrName,
+                           is_child_account.value() ? "true" : "false"));
+  }
   parts.push_back(base::StringPrintf(
       "%s=%s", kConsistencyEnabledByDefaultAttrName, "false"));
 

components/signin/core/browser/chrome_connected_header_helper.h

@@ -7,6 +7,7 @@
 
 #include <string>
 
+#include "base/optional.h"
 #include "components/signin/core/browser/signin_header_helper.h"
 #include "components/signin/public/base/account_consistency_method.h"
 
@@ -40,6 +41,7 @@ class ChromeConnectedHeaderHelper : public SigninHeaderHelper {
   std::string BuildRequestHeader(bool is_header_request,
                                  const GURL& url,
                                  const std::string& gaia_id,
+                                 const base::Optional<bool>& is_child_account,
                                  int profile_mode_mask,
                                  const std::string& source,
                                  bool force_account_consistency);

components/signin/core/browser/signin_header_helper.cc

@@ -167,6 +167,7 @@ void AppendOrRemoveMirrorRequestHeader(
     RequestAdapter* request,
     const GURL& redirect_url,
     const std::string& gaia_id,
+    const base::Optional<bool>& is_child_account,
     AccountConsistencyMethod account_consistency,
     const content_settings::CookieSettings* cookie_settings,
     int profile_mode_mask,
@@ -177,8 +178,8 @@ void AppendOrRemoveMirrorRequestHeader(
   std::string chrome_connected_header_value;
   if (chrome_connected_helper.ShouldBuildRequestHeader(url, cookie_settings)) {
     chrome_connected_header_value = chrome_connected_helper.BuildRequestHeader(
-        true /* is_header_request */, url, gaia_id, profile_mode_mask, source,
-        force_account_consistency);
+        true /* is_header_request */, url, gaia_id, is_child_account,
+        profile_mode_mask, source, force_account_consistency);
   }
   chrome_connected_helper.AppendOrRemoveRequestHeader(
       request, redirect_url, kChromeConnectedHeader,

components/signin/core/browser/signin_header_helper.h

@@ -238,6 +238,7 @@ void AppendOrRemoveMirrorRequestHeader(
     RequestAdapter* request,
     const GURL& redirect_url,
     const std::string& gaia_id,
+    const base::Optional<bool>& is_child_account,
     AccountConsistencyMethod account_consistency,
     const content_settings::CookieSettings* cookie_settings,
     int profile_mode_mask,

components/signin/core/browser/signin_header_helper_unittest.cc

@@ -84,14 +84,16 @@ class SigninHeaderHelperTest : public testing::Test {
               expected_request);
   }
 
-  net::HttpRequestHeaders CreateRequest(const GURL& url,
-                                        const std::string& account_id) {
+  net::HttpRequestHeaders CreateRequest(
+      const GURL& url,
+      const std::string& account_id,
+      const base::Optional<bool>& is_child_account) {
     net::HttpRequestHeaders original_headers;
     RequestAdapterWrapper request_adapter(url, original_headers);
     AppendOrRemoveMirrorRequestHeader(
-        request_adapter.adapter(), GURL(), account_id, account_consistency_,
-        cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
-        force_account_consistency_);
+        request_adapter.adapter(), GURL(), account_id, is_child_account,
+        account_consistency_, cookie_settings_.get(), PROFILE_MODE_DEFAULT,
+        kTestSource, force_account_consistency_);
     AppendOrRemoveDiceRequestHeader(
         request_adapter.adapter(), GURL(), account_id, sync_enabled_,
         account_consistency_, cookie_settings_.get(), device_id_);
@@ -113,8 +115,10 @@ class SigninHeaderHelperTest : public testing::Test {
 
   void CheckMirrorHeaderRequest(const GURL& url,
                                 const std::string& account_id,
+                                const base::Optional<bool>& is_child_account,
                                 const std::string& expected_request) {
-    net::HttpRequestHeaders headers = CreateRequest(url, account_id);
+    net::HttpRequestHeaders headers =
+        CreateRequest(url, account_id, is_child_account);
     CheckAccountConsistencyHeaderRequest(headers, kChromeConnectedHeader,
                                          expected_request);
   }
@@ -122,9 +126,11 @@ class SigninHeaderHelperTest : public testing::Test {
 #if BUILDFLAG(ENABLE_DICE_SUPPORT)
   void CheckDiceHeaderRequest(const GURL& url,
                               const std::string& account_id,
+                              const base::Optional<bool>& is_child_account,
                               const std::string& expected_mirror_request,
                               const std::string& expected_dice_request) {
-    net::HttpRequestHeaders headers = CreateRequest(url, account_id);
+    net::HttpRequestHeaders headers =
+        CreateRequest(url, account_id, is_child_account);
     CheckAccountConsistencyHeaderRequest(headers, kChromeConnectedHeader,
                                          expected_mirror_request);
     CheckAccountConsistencyHeaderRequest(headers, kDiceRequestHeader,
@@ -152,7 +158,7 @@ class SigninHeaderHelperTest : public testing::Test {
 TEST_F(SigninHeaderHelperTest, TestMirrorRequestNoAccountIdChromeOS) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   CheckMirrorHeaderRequest(
-      GURL("https://docs.google.com"), "",
+      GURL("https://docs.google.com"), "", /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=true,"
       "consistency_enabled_by_default=false");
   CheckMirrorCookieRequest(GURL("https://docs.google.com"), "",
@@ -170,6 +176,7 @@ TEST_F(SigninHeaderHelperTest, TestEligibleForConsistencyRequestGaiaOrigin) {
 
   account_consistency_ = AccountConsistencyMethod::kMirror;
   CheckMirrorHeaderRequest(GURL("https://accounts.google.com"), "",
+                           /*is_child_account=*/base::nullopt,
                            "source=TestSource,eligible_for_consistency=true");
   CheckMirrorCookieRequest(GURL("https://accounts.google.com"), "",
                            "eligible_for_consistency=true");
@@ -184,7 +191,8 @@ TEST_F(SigninHeaderHelperTest,
   feature_list.InitAndEnableFeature(kMobileIdentityConsistency);
 
   account_consistency_ = AccountConsistencyMethod::kMirror;
-  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "", "");
+  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "",
+                           /*is_child_account=*/base::nullopt, "");
   CheckMirrorCookieRequest(GURL("https://docs.google.com"), "", "");
 }
 
@@ -197,7 +205,7 @@ TEST_F(SigninHeaderHelperTest, TestForceAccountConsistencyMobile) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   force_account_consistency_ = true;
   CheckMirrorHeaderRequest(
-      GURL("https://docs.google.com"), "",
+      GURL("https://docs.google.com"), "", /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=true,"
       "consistency_enabled_by_default=false");
 }
@@ -207,7 +215,8 @@ TEST_F(SigninHeaderHelperTest, TestForceAccountConsistencyMobile) {
 // account id), for non Chrome OS platforms.
 TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestNoAccountId) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
-  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "", "");
+  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "",
+                           /*is_child_account=*/base::nullopt, "");
   CheckMirrorCookieRequest(GURL("https://docs.google.com"), "", "");
 }
 #endif
@@ -217,14 +226,16 @@ TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestNoAccountId) {
 TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestCookieSettingBlocked) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
-  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "0123456789", "");
+  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "0123456789",
+                           /*is_child_account=*/base::nullopt, "");
   CheckMirrorCookieRequest(GURL("https://docs.google.com"), "0123456789", "");
 }
 
 // Tests that no Mirror request is returned when the target is a non-Google URL.
 TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestExternalURL) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
-  CheckMirrorHeaderRequest(GURL("https://foo.com"), "0123456789", "");
+  CheckMirrorHeaderRequest(GURL("https://foo.com"), "0123456789",
+                           /*is_child_account=*/base::nullopt, "");
   CheckMirrorCookieRequest(GURL("https://foo.com"), "0123456789", "");
 }
 
@@ -234,6 +245,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleTLD) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   CheckMirrorHeaderRequest(
       GURL("https://google.fr"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=true,"
       "consistency_enabled_by_default=false");
   CheckMirrorCookieRequest(GURL("https://google.de"), "0123456789",
@@ -247,6 +259,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleCom) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   CheckMirrorHeaderRequest(
       GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=true,"
       "consistency_enabled_by_default=false");
   CheckMirrorCookieRequest(
@@ -261,7 +274,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComNoProfileConsistency) {
   RequestAdapterWrapper request_adapter(GURL("https://www.google.com"),
                                         original_headers);
   AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), GURL(), "0123456789", account_consistency_,
+      request_adapter.adapter(), GURL(), "0123456789",
+      /*is_child_account=*/base::nullopt, account_consistency_,
       cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
       false /* force_account_consistency */);
   CheckAccountConsistencyHeaderRequest(request_adapter.GetFinalHeaders(),
@@ -275,7 +289,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComProfileConsistency) {
   RequestAdapterWrapper request_adapter(GURL("https://www.google.com"),
                                         original_headers);
   AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), GURL(), "0123456789", account_consistency_,
+      request_adapter.adapter(), GURL(), "0123456789",
+      /*is_child_account=*/base::nullopt, account_consistency_,
       cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
       false /* force_account_consistency */);
   CheckAccountConsistencyHeaderRequest(
@@ -284,6 +299,25 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComProfileConsistency) {
       "consistency_enabled_by_default=false");
 }
 
+TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComSupervised) {
+  account_consistency_ = AccountConsistencyMethod::kMirror;
+  CheckMirrorHeaderRequest(
+      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
+      "source=TestSource,mode=0,enable_account_consistency=true,"
+      "consistency_enabled_by_default=false");
+  CheckMirrorHeaderRequest(
+      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::Optional<bool>(true),
+      "source=TestSource,mode=0,enable_account_consistency=true,"
+      "supervised=true,consistency_enabled_by_default=false");
+  CheckMirrorHeaderRequest(
+      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::Optional<bool>(false),
+      "source=TestSource,mode=0,enable_account_consistency=true,"
+      "supervised=false,consistency_enabled_by_default=false");
+}
+
 // Mirror is always enabled on Android and iOS, so these tests are only relevant
 // on Desktop.
 #if BUILDFLAG(ENABLE_DICE_SUPPORT)
@@ -293,6 +327,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComProfileConsistency) {
 TEST_F(SigninHeaderHelperTest, TestMirrorRequestGaiaURL) {
   CheckMirrorHeaderRequest(
       GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false");
   CheckMirrorCookieRequest(
@@ -307,6 +342,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
   // ChromeConnected but no Dice for Docs URLs.
   CheckDiceHeaderRequest(
       GURL("https://docs.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,id=0123456789,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false",
       "");
@@ -317,6 +353,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
   ASSERT_FALSE(client_id.empty());
   CheckDiceHeaderRequest(
       GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false",
       base::StringPrintf(
@@ -328,6 +365,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
   sync_enabled_ = true;
   CheckDiceHeaderRequest(
       GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false",
       base::StringPrintf("version=%s,client_id=%s,device_id=DeviceID,"
@@ -337,7 +375,8 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
   sync_enabled_ = false;
 
   // No ChromeConnected and no Dice for other URLs.
-  CheckDiceHeaderRequest(GURL("https://www.google.com"), "0123456789", "", "");
+  CheckDiceHeaderRequest(GURL("https://www.google.com"), "0123456789",
+                         /*is_child_account=*/base::nullopt, "", "");
 }
 
 // When cookies are blocked, only the Dice header is sent.
@@ -348,7 +387,8 @@ TEST_F(SigninHeaderHelperTest, DiceCookiesBlocked) {
   std::string client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
   ASSERT_FALSE(client_id.empty());
   CheckDiceHeaderRequest(
-      GURL("https://accounts.google.com"), "0123456789", "",
+      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt, "",
       base::StringPrintf(
           "version=%s,client_id=%s,device_id=DeviceID,signin_mode=all_accounts,"
           "signout_mode=show_confirmation",
@@ -360,6 +400,7 @@ TEST_F(SigninHeaderHelperTest, TestNoDiceRequestWhenDisabled) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   CheckDiceHeaderRequest(
       GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=true,"
       "consistency_enabled_by_default=false",
       "");
@@ -374,6 +415,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceEmptyDeviceID) {
 
   CheckDiceHeaderRequest(
       GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false",
       base::StringPrintf("version=%s,client_id=%s,signin_mode=all_accounts,"
@@ -389,6 +431,7 @@ TEST_F(SigninHeaderHelperTest, TestSignoutConfirmation) {
 
   CheckDiceHeaderRequest(
       GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false",
       base::StringPrintf(
@@ -402,6 +445,7 @@ TEST_F(SigninHeaderHelperTest, TestSignoutConfirmation) {
 TEST_F(SigninHeaderHelperTest, TestMirrorRequestDrive) {
   CheckMirrorHeaderRequest(
       GURL("https://docs.google.com/document"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,id=0123456789,mode=0,enable_account_consistency=false,"
       "consistency_enabled_by_default=false");
   CheckMirrorCookieRequest(
@@ -413,6 +457,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestDrive) {
   account_consistency_ = AccountConsistencyMethod::kMirror;
   CheckMirrorHeaderRequest(
       GURL("https://docs.google.com/document"), "0123456789",
+      /*is_child_account=*/base::nullopt,
       "source=TestSource,id=0123456789,mode=0,enable_account_consistency=true,"
       "consistency_enabled_by_default=false");
   CheckMirrorCookieRequest(
@@ -555,7 +600,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorHeaderEligibleRedirectURL) {
   net::HttpRequestHeaders original_headers;
   RequestAdapterWrapper request_adapter(url, original_headers);
   AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), redirect_url, account_id, account_consistency_,
+      request_adapter.adapter(), redirect_url, account_id,
+      /*is_child_account=*/base::nullopt, account_consistency_,
       cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
       false /* force_account_consistency */);
   EXPECT_TRUE(
@@ -573,7 +619,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorHeaderNonEligibleRedirectURL) {
   original_headers.SetHeader(kChromeConnectedHeader, "foo,bar");
   RequestAdapterWrapper request_adapter(url, original_headers);
   AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), redirect_url, account_id, account_consistency_,
+      request_adapter.adapter(), redirect_url, account_id,
+      /*is_child_account=*/base::nullopt, account_consistency_,
       cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
       false /* force_account_consistency */);
   EXPECT_FALSE(
@@ -592,7 +639,8 @@ TEST_F(SigninHeaderHelperTest, TestIgnoreMirrorHeaderNonEligibleURLs) {
   original_headers.SetHeader(kChromeConnectedHeader, fake_header);
   RequestAdapterWrapper request_adapter(url, original_headers);
   AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), redirect_url, account_id, account_consistency_,
+      request_adapter.adapter(), redirect_url, account_id,
+      /*is_child_account=*/base::nullopt, account_consistency_,
       cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
       false /* force_account_consistency */);
   std::string header;

weblayer/browser/signin_url_loader_throttle.cc

@@ -141,8 +141,12 @@ void SigninURLLoaderThrottle::ProcessRequest(
   // Disable incognito and adding accounts for now. This shouldn't matter in
   // practice though since we are skipping the /SignOutOptions page completely
   // with the manage=true param.
+  //
+  // TODO(crbug.com/1134042): Check whether the child account status should also
+  // be sent in the Mirror request header from WebLayer.
   signin::AppendOrRemoveMirrorRequestHeader(
       &request_adapter, new_url, delegate->GetGaiaId(),
+      base::nullopt /* is_child_account */,
       signin::AccountConsistencyMethod::kMirror,
       CookieSettingsFactory::GetForBrowserContext(browser_context_).get(),
       signin::PROFILE_MODE_INCOGNITO_DISABLED |