Add supervised argument in the X-Chrome-Connected header.

This CL adds a "supervised" argument to the X-Chrome-Connected header when the account that is signed in to Chrome is a child account. Design document (Google internal): https://docs.google.com/document/d/1u5PUBIeTxXiKSpqJHDiSuc9hJ2Y9_Te4ja5eJdLfZk4/edit?usp=sharing Bug: 1103228 Change-Id: Ic90021207213d926ed2dbb54b78eb4d9559a0da3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431524 Commit-Queue: Mihai Sardarescu <msarda@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#813007}

Add supervised argument in the X-Chrome-Connected header.
This CL adds a "supervised" argument to the X-Chrome-Connected header when the account that is signed in to Chrome is a child account. Design document (Google internal): https://docs.google.com/document/d/1u5PUBIeTxXiKSpqJHDiSuc9hJ2Y9_Te4ja5eJdLfZk4/edit?usp=sharing Bug: 1103228 Change-Id: Ic90021207213d926ed2dbb54b78eb4d9559a0da3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431524 Commit-Queue: Mihai Sardarescu <msarda@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#813007}
f6f7990d · Mihai Sardarescu · Commit Bot · 800d41ac · f6f7990d · f6f7990d
Commit f6f7990d authored Oct 02, 2020 by Mihai Sardarescu Committed by Commit Bot Oct 02, 2020
11 changed files
--- a/chrome/browser/search/one_google_bar/one_google_bar_loader_impl.cc
+++ b/chrome/browser/search/one_google_bar/one_google_bar_loader_impl.cc
@@ -204,11 +204,16 @@ void OneGoogleBarLoaderImpl::AuthenticatedURLLoader::SetRequestHeaders(
    profile_mode = signin::PROFILE_MODE_INCOGNITO_DISABLED |
                   signin::PROFILE_MODE_ADD_ACCOUNT_DISABLED;
  }
+  // TODO(crbug.com/1134045): Check whether the child account status should also
+  // be sent in the Mirror request header when loading the local version of
+  // OneGoogleBar.
  std::string chrome_connected_header_value =
      chrome_connected_header_helper.BuildRequestHeader(
          /*is_header_request=*/true, api_url_,
          // Gaia ID is only needed for (drive|docs).google.com.
-          /*gaia_id=*/std::string(), profile_mode,
+          /*gaia_id=*/std::string(),
+          /* is_child_account=*/base::nullopt, profile_mode,
          signin::kChromeMirrorHeaderSource,
          /*force_account_consistency=*/false);
  if (!chrome_connected_header_value.empty()) {

--- a/chrome/browser/signin/chrome_signin_helper.cc
+++ b/chrome/browser/signin/chrome_signin_helper.cc
@@ -500,6 +500,7 @@ void FixAccountConsistencyRequestHeader(
    int incognito_availibility,
    AccountConsistencyMethod account_consistency,
    std::string gaia_id,
+    const base::Optional<bool>& is_child_account,
 #if defined(OS_CHROMEOS)
    bool is_secondary_account_addition_allowed,
 #endif
@@ -547,8 +548,8 @@ void FixAccountConsistencyRequestHeader(
  // Mirror header:
  AppendOrRemoveMirrorRequestHeader(
-      request, redirect_url, gaia_id, account_consistency, cookie_settings,
+      request, redirect_url, gaia_id, is_child_account, account_consistency,
-      profile_mode_mask, kChromeMirrorHeaderSource,
+      cookie_settings, profile_mode_mask, kChromeMirrorHeaderSource,
      /*force_account_consistency=*/false);
 }

--- a/chrome/browser/signin/chrome_signin_helper.h
+++ b/chrome/browser/signin/chrome_signin_helper.h
@@ -95,6 +95,7 @@ void FixAccountConsistencyRequestHeader(
    int incognito_availibility,
    AccountConsistencyMethod account_consistency,
    std::string gaia_id,
+    const base::Optional<bool>& is_child_account,
 #if defined(OS_CHROMEOS)
    bool is_secondary_account_addition_allowed,
 #endif

--- a/chrome/browser/signin/chromeos_mirror_account_consistency_browsertest.cc
+++ b/chrome/browser/signin/chromeos_mirror_account_consistency_browsertest.cc
@@ -126,11 +126,16 @@ IN_PROC_BROWSER_TEST_F(ChromeOsMirrorAccountConsistencyTest,
  PrefService* prefs = profile->GetPrefs();
  prefs->SetInteger(prefs::kIncognitoModeAvailability,
                    IncognitoModePrefs::DISABLED);
  ASSERT_EQ(1, signin::PROFILE_MODE_INCOGNITO_DISABLED);
+  // TODO(http://crbug.com/1134144): This test seems to test supervised profiles
+  // instead of child accounts. With the current implementation,
+  // X-Chrome-Connected header gets a supervised=true argument only for child
+  // profiles. Verify if these tests needs to be updated to use child accounts
+  // or whether supervised profiles need to be supported as well.
  TestMirrorRequestForProfile(
      test_server_.get(), profile,
-      "source=Chrome,mode=1,enable_account_consistency=true,"
+      "source=Chrome,mode=1,enable_account_consistency=true,supervised=false,"
      "consistency_enabled_by_default=false");
 }
@@ -150,6 +155,6 @@ IN_PROC_BROWSER_TEST_F(ChromeOsMirrorAccountConsistencyTest,
      AccountConsistencyModeManager::IsMirrorEnabledForProfile(profile));
  TestMirrorRequestForProfile(
      test_server_.get(), profile,
-      "source=Chrome,mode=0,enable_account_consistency=true,"
+      "source=Chrome,mode=0,enable_account_consistency=true,supervised=false,"
      "consistency_enabled_by_default=false");
 }
--- a/chrome/browser/signin/header_modification_delegate_impl.cc
+++ b/chrome/browser/signin/header_modification_delegate_impl.cc
@@ -72,13 +72,26 @@ void HeaderModificationDelegateImpl::ProcessRequest(
    consent_level = ConsentLevel::kNotRequired;
 #endif
+  IdentityManager* identity_manager =
+      IdentityManagerFactory::GetForProfile(profile_);
+  CoreAccountInfo account =
+      identity_manager->GetPrimaryAccountInfo(consent_level);
+  base::Optional<bool> is_child_account = base::nullopt;
+  if (!account.IsEmpty()) {
+    base::Optional<AccountInfo> extended_account_info =
+        identity_manager->FindExtendedAccountInfoForAccountWithRefreshToken(
+            account);
+    if (extended_account_info.has_value()) {
+      is_child_account = base::make_optional<bool>(
+          extended_account_info.value().is_child_account);
+    }
+  }
  FixAccountConsistencyRequestHeader(
      request_adapter, redirect_url, profile_->IsOffTheRecord(),
      prefs->GetInteger(prefs::kIncognitoModeAvailability),
      AccountConsistencyModeManager::GetMethodForProfile(profile_),
-      IdentityManagerFactory::GetForProfile(profile_)
+      account.gaia, is_child_account,
-          ->GetPrimaryAccountInfo(consent_level)
-          .gaia,
 #if defined(OS_CHROMEOS)
      is_secondary_account_addition_allowed,
 #endif

--- a/components/signin/core/browser/chrome_connected_header_helper.cc
+++ b/components/signin/core/browser/chrome_connected_header_helper.cc
@@ -32,6 +32,7 @@ const char kIsSameTabAttrName[] = "is_same_tab";
 const char kIsSamlAttrName[] = "is_saml";
 const char kProfileModeAttrName[] = "mode";
 const char kServiceTypeAttrName[] = "action";
+const char kSupervisedAttrName[] = "supervised";
 const char kSourceAttrName[] = "source";
 #if defined(OS_ANDROID) || defined(OS_IOS)
 const char kEligibleForConsistency[] = "eligible_for_consistency";
@@ -70,9 +71,13 @@ std::string ChromeConnectedHeaderHelper::BuildRequestCookieIfPossible(
  ChromeConnectedHeaderHelper chrome_connected_helper(account_consistency);
  if (!chrome_connected_helper.ShouldBuildRequestHeader(url, cookie_settings))
    return "";
+  // Child accounts are not supported on iOS, so it is preferred to not include
+  // this information in the ChromeConnected cookie.
  return chrome_connected_helper.BuildRequestHeader(
-      false /* is_header_request */, url, gaia_id, profile_mode_mask,
+      false /* is_header_request */, url, gaia_id,
-      "" /* source */, false /* force_account_consistency */);
+      base::nullopt /* is_child_account */, profile_mode_mask, "" /* source */,
+      false /* force_account_consistency */);
 }
 // static
@@ -178,6 +183,7 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
    bool is_header_request,
    const GURL& url,
    const std::string& gaia_id,
+    const base::Optional<bool>& is_child_account,
    int profile_mode_mask,
    const std::string& source,
    bool force_account_consistency) {
@@ -220,6 +226,11 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
      account_consistency_ == AccountConsistencyMethod::kMirror;
  parts.push_back(base::StringPrintf("%s=%s", kEnableAccountConsistencyAttrName,
                                     is_mirror_enabled ? "true" : "false"));
+  if (is_child_account.has_value()) {
+    parts.push_back(
+        base::StringPrintf("%s=%s", kSupervisedAttrName,
+                           is_child_account.value() ? "true" : "false"));
+  }
  parts.push_back(base::StringPrintf(
      "%s=%s", kConsistencyEnabledByDefaultAttrName, "false"));

--- a/components/signin/core/browser/chrome_connected_header_helper.h
+++ b/components/signin/core/browser/chrome_connected_header_helper.h
@@ -7,6 +7,7 @@
 #include <string>
+#include "base/optional.h"
 #include "components/signin/core/browser/signin_header_helper.h"
 #include "components/signin/public/base/account_consistency_method.h"
@@ -40,6 +41,7 @@ class ChromeConnectedHeaderHelper : public SigninHeaderHelper {
  std::string BuildRequestHeader(bool is_header_request,
                                 const GURL& url,
                                 const std::string& gaia_id,
+                                 const base::Optional<bool>& is_child_account,
                                 int profile_mode_mask,
                                 const std::string& source,
                                 bool force_account_consistency);

--- a/components/signin/core/browser/signin_header_helper.cc
+++ b/components/signin/core/browser/signin_header_helper.cc
@@ -167,6 +167,7 @@ void AppendOrRemoveMirrorRequestHeader(
    RequestAdapter* request,
    const GURL& redirect_url,
    const std::string& gaia_id,
+    const base::Optional<bool>& is_child_account,
    AccountConsistencyMethod account_consistency,
    const content_settings::CookieSettings* cookie_settings,
    int profile_mode_mask,
@@ -177,8 +178,8 @@ void AppendOrRemoveMirrorRequestHeader(
  std::string chrome_connected_header_value;
  if (chrome_connected_helper.ShouldBuildRequestHeader(url, cookie_settings)) {
    chrome_connected_header_value = chrome_connected_helper.BuildRequestHeader(
-        true /* is_header_request */, url, gaia_id, profile_mode_mask, source,
+        true /* is_header_request */, url, gaia_id, is_child_account,
-        force_account_consistency);
+        profile_mode_mask, source, force_account_consistency);
  }
  chrome_connected_helper.AppendOrRemoveRequestHeader(
      request, redirect_url, kChromeConnectedHeader,

--- a/components/signin/core/browser/signin_header_helper.h
+++ b/components/signin/core/browser/signin_header_helper.h
@@ -238,6 +238,7 @@ void AppendOrRemoveMirrorRequestHeader(
    RequestAdapter* request,
    const GURL& redirect_url,
    const std::string& gaia_id,
+    const base::Optional<bool>& is_child_account,
    AccountConsistencyMethod account_consistency,
    const content_settings::CookieSettings* cookie_settings,
    int profile_mode_mask,

--- a/components/signin/core/browser/signin_header_helper_unittest.cc
+++ b/components/signin/core/browser/signin_header_helper_unittest.cc
@@ -84,14 +84,16 @@ class SigninHeaderHelperTest : public testing::Test {
              expected_request);
  }
-  net::HttpRequestHeaders CreateRequest(const GURL& url,
+  net::HttpRequestHeaders CreateRequest(
-                                        const std::string& account_id) {
+      const GURL& url,
+      const std::string& account_id,
+      const base::Optional<bool>& is_child_account) {
    net::HttpRequestHeaders original_headers;
    RequestAdapterWrapper request_adapter(url, original_headers);
    AppendOrRemoveMirrorRequestHeader(
-        request_adapter.adapter(), GURL(), account_id, account_consistency_,
+        request_adapter.adapter(), GURL(), account_id, is_child_account,
-        cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
+        account_consistency_, cookie_settings_.get(), PROFILE_MODE_DEFAULT,
-        force_account_consistency_);
+        kTestSource, force_account_consistency_);
    AppendOrRemoveDiceRequestHeader(
        request_adapter.adapter(), GURL(), account_id, sync_enabled_,
        account_consistency_, cookie_settings_.get(), device_id_);
@@ -113,8 +115,10 @@ class SigninHeaderHelperTest : public testing::Test {
  void CheckMirrorHeaderRequest(const GURL& url,
                                const std::string& account_id,
+                                const base::Optional<bool>& is_child_account,
                                const std::string& expected_request) {
-    net::HttpRequestHeaders headers = CreateRequest(url, account_id);
+    net::HttpRequestHeaders headers =
+        CreateRequest(url, account_id, is_child_account);
    CheckAccountConsistencyHeaderRequest(headers, kChromeConnectedHeader,
                                         expected_request);
  }
@@ -122,9 +126,11 @@ class SigninHeaderHelperTest : public testing::Test {
 #if BUILDFLAG(ENABLE_DICE_SUPPORT)
  void CheckDiceHeaderRequest(const GURL& url,
                              const std::string& account_id,
+                              const base::Optional<bool>& is_child_account,
                              const std::string& expected_mirror_request,
                              const std::string& expected_dice_request) {
-    net::HttpRequestHeaders headers = CreateRequest(url, account_id);
+    net::HttpRequestHeaders headers =
+        CreateRequest(url, account_id, is_child_account);
    CheckAccountConsistencyHeaderRequest(headers, kChromeConnectedHeader,
                                         expected_mirror_request);
    CheckAccountConsistencyHeaderRequest(headers, kDiceRequestHeader,
@@ -152,7 +158,7 @@ class SigninHeaderHelperTest : public testing::Test {
 TEST_F(SigninHeaderHelperTest, TestMirrorRequestNoAccountIdChromeOS) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  CheckMirrorHeaderRequest(
-      GURL("https://docs.google.com"), "",
+      GURL("https://docs.google.com"), "", /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=true,"
      "consistency_enabled_by_default=false");
  CheckMirrorCookieRequest(GURL("https://docs.google.com"), "",
@@ -170,6 +176,7 @@ TEST_F(SigninHeaderHelperTest, TestEligibleForConsistencyRequestGaiaOrigin) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  CheckMirrorHeaderRequest(GURL("https://accounts.google.com"), "",
+                           /*is_child_account=*/base::nullopt,
                           "source=TestSource,eligible_for_consistency=true");
  CheckMirrorCookieRequest(GURL("https://accounts.google.com"), "",
                           "eligible_for_consistency=true");
@@ -184,7 +191,8 @@ TEST_F(SigninHeaderHelperTest,
  feature_list.InitAndEnableFeature(kMobileIdentityConsistency);
  account_consistency_ = AccountConsistencyMethod::kMirror;
-  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "", "");
+  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "",
+                           /*is_child_account=*/base::nullopt, "");
  CheckMirrorCookieRequest(GURL("https://docs.google.com"), "", "");
 }
@@ -197,7 +205,7 @@ TEST_F(SigninHeaderHelperTest, TestForceAccountConsistencyMobile) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  force_account_consistency_ = true;
  CheckMirrorHeaderRequest(
-      GURL("https://docs.google.com"), "",
+      GURL("https://docs.google.com"), "", /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=true,"
      "consistency_enabled_by_default=false");
 }
@@ -207,7 +215,8 @@ TEST_F(SigninHeaderHelperTest, TestForceAccountConsistencyMobile) {
 // account id), for non Chrome OS platforms.
 TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestNoAccountId) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
-  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "", "");
+  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "",
+                           /*is_child_account=*/base::nullopt, "");
  CheckMirrorCookieRequest(GURL("https://docs.google.com"), "", "");
 }
 #endif
@@ -217,14 +226,16 @@ TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestNoAccountId) {
 TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestCookieSettingBlocked) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
-  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "0123456789", "");
+  CheckMirrorHeaderRequest(GURL("https://docs.google.com"), "0123456789",
+                           /*is_child_account=*/base::nullopt, "");
  CheckMirrorCookieRequest(GURL("https://docs.google.com"), "0123456789", "");
 }
 // Tests that no Mirror request is returned when the target is a non-Google URL.
 TEST_F(SigninHeaderHelperTest, TestNoMirrorRequestExternalURL) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
-  CheckMirrorHeaderRequest(GURL("https://foo.com"), "0123456789", "");
+  CheckMirrorHeaderRequest(GURL("https://foo.com"), "0123456789",
+                           /*is_child_account=*/base::nullopt, "");
  CheckMirrorCookieRequest(GURL("https://foo.com"), "0123456789", "");
 }
@@ -234,6 +245,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleTLD) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  CheckMirrorHeaderRequest(
      GURL("https://google.fr"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=true,"
      "consistency_enabled_by_default=false");
  CheckMirrorCookieRequest(GURL("https://google.de"), "0123456789",
@@ -247,6 +259,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleCom) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  CheckMirrorHeaderRequest(
      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=true,"
      "consistency_enabled_by_default=false");
  CheckMirrorCookieRequest(
@@ -261,7 +274,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComNoProfileConsistency) {
  RequestAdapterWrapper request_adapter(GURL("https://www.google.com"),
                                        original_headers);
  AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), GURL(), "0123456789", account_consistency_,
+      request_adapter.adapter(), GURL(), "0123456789",
+      /*is_child_account=*/base::nullopt, account_consistency_,
      cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
      false /* force_account_consistency */);
  CheckAccountConsistencyHeaderRequest(request_adapter.GetFinalHeaders(),
@@ -275,7 +289,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComProfileConsistency) {
  RequestAdapterWrapper request_adapter(GURL("https://www.google.com"),
                                        original_headers);
  AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), GURL(), "0123456789", account_consistency_,
+      request_adapter.adapter(), GURL(), "0123456789",
+      /*is_child_account=*/base::nullopt, account_consistency_,
      cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
      false /* force_account_consistency */);
  CheckAccountConsistencyHeaderRequest(
@@ -284,6 +299,25 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComProfileConsistency) {
      "consistency_enabled_by_default=false");
 }
+TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComSupervised) {
+  account_consistency_ = AccountConsistencyMethod::kMirror;
+  CheckMirrorHeaderRequest(
+      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
+      "source=TestSource,mode=0,enable_account_consistency=true,"
+      "consistency_enabled_by_default=false");
+  CheckMirrorHeaderRequest(
+      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::Optional<bool>(true),
+      "source=TestSource,mode=0,enable_account_consistency=true,"
+      "supervised=true,consistency_enabled_by_default=false");
+  CheckMirrorHeaderRequest(
+      GURL("https://www.google.com"), "0123456789",
+      /*is_child_account=*/base::Optional<bool>(false),
+      "source=TestSource,mode=0,enable_account_consistency=true,"
+      "supervised=false,consistency_enabled_by_default=false");
+}
 // Mirror is always enabled on Android and iOS, so these tests are only relevant
 // on Desktop.
 #if BUILDFLAG(ENABLE_DICE_SUPPORT)
@@ -293,6 +327,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestGoogleComProfileConsistency) {
 TEST_F(SigninHeaderHelperTest, TestMirrorRequestGaiaURL) {
  CheckMirrorHeaderRequest(
      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false");
  CheckMirrorCookieRequest(
@@ -307,6 +342,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
  // ChromeConnected but no Dice for Docs URLs.
  CheckDiceHeaderRequest(
      GURL("https://docs.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,id=0123456789,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false",
      "");
@@ -317,6 +353,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
  ASSERT_FALSE(client_id.empty());
  CheckDiceHeaderRequest(
      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false",
      base::StringPrintf(
@@ -328,6 +365,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
  sync_enabled_ = true;
  CheckDiceHeaderRequest(
      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false",
      base::StringPrintf("version=%s,client_id=%s,device_id=DeviceID,"
@@ -337,7 +375,8 @@ TEST_F(SigninHeaderHelperTest, TestDiceRequest) {
  sync_enabled_ = false;
  // No ChromeConnected and no Dice for other URLs.
-  CheckDiceHeaderRequest(GURL("https://www.google.com"), "0123456789", "", "");
+  CheckDiceHeaderRequest(GURL("https://www.google.com"), "0123456789",
+                         /*is_child_account=*/base::nullopt, "", "");
 }
 // When cookies are blocked, only the Dice header is sent.
@@ -348,7 +387,8 @@ TEST_F(SigninHeaderHelperTest, DiceCookiesBlocked) {
  std::string client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
  ASSERT_FALSE(client_id.empty());
  CheckDiceHeaderRequest(
-      GURL("https://accounts.google.com"), "0123456789", "",
+      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt, "",
      base::StringPrintf(
          "version=%s,client_id=%s,device_id=DeviceID,signin_mode=all_accounts,"
          "signout_mode=show_confirmation",
@@ -360,6 +400,7 @@ TEST_F(SigninHeaderHelperTest, TestNoDiceRequestWhenDisabled) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  CheckDiceHeaderRequest(
      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=true,"
      "consistency_enabled_by_default=false",
      "");
@@ -374,6 +415,7 @@ TEST_F(SigninHeaderHelperTest, TestDiceEmptyDeviceID) {
  CheckDiceHeaderRequest(
      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false",
      base::StringPrintf("version=%s,client_id=%s,signin_mode=all_accounts,"
@@ -389,6 +431,7 @@ TEST_F(SigninHeaderHelperTest, TestSignoutConfirmation) {
  CheckDiceHeaderRequest(
      GURL("https://accounts.google.com"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false",
      base::StringPrintf(
@@ -402,6 +445,7 @@ TEST_F(SigninHeaderHelperTest, TestSignoutConfirmation) {
 TEST_F(SigninHeaderHelperTest, TestMirrorRequestDrive) {
  CheckMirrorHeaderRequest(
      GURL("https://docs.google.com/document"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,id=0123456789,mode=0,enable_account_consistency=false,"
      "consistency_enabled_by_default=false");
  CheckMirrorCookieRequest(
@@ -413,6 +457,7 @@ TEST_F(SigninHeaderHelperTest, TestMirrorRequestDrive) {
  account_consistency_ = AccountConsistencyMethod::kMirror;
  CheckMirrorHeaderRequest(
      GURL("https://docs.google.com/document"), "0123456789",
+      /*is_child_account=*/base::nullopt,
      "source=TestSource,id=0123456789,mode=0,enable_account_consistency=true,"
      "consistency_enabled_by_default=false");
  CheckMirrorCookieRequest(
@@ -555,7 +600,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorHeaderEligibleRedirectURL) {
  net::HttpRequestHeaders original_headers;
  RequestAdapterWrapper request_adapter(url, original_headers);
  AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), redirect_url, account_id, account_consistency_,
+      request_adapter.adapter(), redirect_url, account_id,
+      /*is_child_account=*/base::nullopt, account_consistency_,
      cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
      false /* force_account_consistency */);
  EXPECT_TRUE(
@@ -573,7 +619,8 @@ TEST_F(SigninHeaderHelperTest, TestMirrorHeaderNonEligibleRedirectURL) {
  original_headers.SetHeader(kChromeConnectedHeader, "foo,bar");
  RequestAdapterWrapper request_adapter(url, original_headers);
  AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), redirect_url, account_id, account_consistency_,
+      request_adapter.adapter(), redirect_url, account_id,
+      /*is_child_account=*/base::nullopt, account_consistency_,
      cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
      false /* force_account_consistency */);
  EXPECT_FALSE(
@@ -592,7 +639,8 @@ TEST_F(SigninHeaderHelperTest, TestIgnoreMirrorHeaderNonEligibleURLs) {
  original_headers.SetHeader(kChromeConnectedHeader, fake_header);
  RequestAdapterWrapper request_adapter(url, original_headers);
  AppendOrRemoveMirrorRequestHeader(
-      request_adapter.adapter(), redirect_url, account_id, account_consistency_,
+      request_adapter.adapter(), redirect_url, account_id,
+      /*is_child_account=*/base::nullopt, account_consistency_,
      cookie_settings_.get(), PROFILE_MODE_DEFAULT, kTestSource,
      false /* force_account_consistency */);
  std::string header;

--- a/weblayer/browser/signin_url_loader_throttle.cc
+++ b/weblayer/browser/signin_url_loader_throttle.cc
@@ -141,8 +141,12 @@ void SigninURLLoaderThrottle::ProcessRequest(
  // Disable incognito and adding accounts for now. This shouldn't matter in
  // practice though since we are skipping the /SignOutOptions page completely
  // with the manage=true param.
+  //
+  // TODO(crbug.com/1134042): Check whether the child account status should also
+  // be sent in the Mirror request header from WebLayer.
  signin::AppendOrRemoveMirrorRequestHeader(
      &request_adapter, new_url, delegate->GetGaiaId(),
+      base::nullopt /* is_child_account */,
      signin::AccountConsistencyMethod::kMirror,
      CookieSettingsFactory::GetForBrowserContext(browser_context_).get(),
      signin::PROFILE_MODE_INCOGNITO_DISABLED |