Migrate some request privacy settings to the new API.

This CL handles the cases where there's no behavior change (i.e. the caller set
all three load flags).

Bug: 799935
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I9953b8ffe907f77c3a962286b55a3e05d1d41a3a
Reviewed-on: https://chromium-review.googlesource.com/1153462
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Roger Tawa <rogerta@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Cait Phillips <caitkp@chromium.org>
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Jesse Selover <jselover@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583500}

chrome/browser/android/feedback/connectivity_checker.cc

@@ -141,10 +141,8 @@ void ConnectivityChecker::StartAsyncCheck() {
   url_fetcher_->SetStopOnRedirect(true);
   url_fetcher_->SetAutomaticallyRetryOn5xx(false);
   url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(0);
-  url_fetcher_->SetLoadFlags(net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-                             net::LOAD_DO_NOT_SAVE_COOKIES |
-                             net::LOAD_DO_NOT_SEND_COOKIES |
-                             net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  url_fetcher_->SetLoadFlags(net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE);
+  url_fetcher_->SetAllowCredentials(false);
   url_fetcher_->Start();
   expiration_timer_.reset(new base::OneShotTimer());
   expiration_timer_->Start(FROM_HERE, timeout_, this,

chrome/browser/android/rlz/rlz_ping_handler.cc

@@ -113,9 +113,8 @@ void RlzPingHandler::Ping(
 
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = request_url;
-  resource_request->load_flags =
-      net::LOAD_DISABLE_CACHE | net::LOAD_DO_NOT_SEND_AUTH_DATA |
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+  resource_request->allow_credentials = false;
 
   simple_url_loader_ = network::SimpleURLLoader::Create(
       std::move(resource_request), traffic_annotation);

chrome/browser/android/webapk/webapk_installer.cc

@@ -647,8 +647,7 @@ void WebApkInstaller::SendRequest(
       net::URLFetcher::Create(server_url_, net::URLFetcher::POST, this);
   url_fetcher_->SetRequestContext(GetRequestContext(browser_context_));
   url_fetcher_->SetUploadData(kProtoMimeType, *serialized_proto);
-  url_fetcher_->SetLoadFlags(
-      net::LOAD_DISABLE_CACHE | net::LOAD_DO_NOT_SEND_COOKIES |
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  url_fetcher_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
+  url_fetcher_->SetAllowCredentials(false);
   url_fetcher_->Start();
 }

chrome/browser/chromeos/customization/customization_document.cc

@@ -573,10 +573,8 @@ void ServicesCustomizationDocument::DoStartFileFetch() {
   url_fetcher_ = net::URLFetcher::Create(url_, net::URLFetcher::GET, this);
   url_fetcher_->SetRequestContext(g_browser_process->system_request_context());
   url_fetcher_->AddExtraRequestHeader("Accept: application/json");
-  url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
-                             net::LOAD_DO_NOT_SAVE_COOKIES |
-                             net::LOAD_DISABLE_CACHE |
-                             net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  url_fetcher_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
+  url_fetcher_->SetAllowCredentials(false);
   url_fetcher_->Start();
 }
 

chrome/browser/chromeos/customization/customization_wallpaper_downloader.cc

@@ -88,9 +88,8 @@ void CustomizationWallpaperDownloader::StartRequest() {
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = wallpaper_url_;
   resource_request->load_flags =
-      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES |
-      net::LOAD_DO_NOT_SEND_AUTH_DATA;
+      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE;
+  resource_request->allow_credentials = false;
   // TODO(crbug.com/833390): Add a real traffic annotation here.
   simple_loader_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                                     MISSING_TRAFFIC_ANNOTATION);

chrome/browser/intranet_redirect_detector.cc

@@ -118,9 +118,8 @@ void IntranetRedirectDetector::FinishSleep() {
     resource_request->url = random_url;
     resource_request->method = "HEAD";
     // We don't want these fetches to affect existing state in the profile.
-    resource_request->load_flags =
-        net::LOAD_DISABLE_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES |
-        net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA;
+    resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+    resource_request->allow_credentials = false;
     network::mojom::URLLoaderFactory* loader_factory =
         g_browser_process->system_network_context_manager()
             ->GetURLLoaderFactory();

chrome/browser/media/router/discovery/dial/dial_url_fetcher.cc

@@ -111,12 +111,8 @@ void DialURLFetcher::Start(const GURL& url,
   // net::LOAD_BYPASS_PROXY: Proxies almost certainly hurt more cases than they
   //     help.
   // net::LOAD_DISABLE_CACHE: The request should not touch the cache.
-  // net::LOAD_DO_NOT_{SAVE,SEND}_COOKIES: The request should not touch cookies.
-  // net::LOAD_DO_NOT_SEND_AUTH_DATA: The request should not send auth data.
-  request->load_flags = net::LOAD_BYPASS_PROXY | net::LOAD_DISABLE_CACHE |
-                        net::LOAD_DO_NOT_SAVE_COOKIES |
-                        net::LOAD_DO_NOT_SEND_COOKIES |
-                        net::LOAD_DO_NOT_SEND_AUTH_DATA;
+  request->load_flags = net::LOAD_BYPASS_PROXY | net::LOAD_DISABLE_CACHE;
+  request->allow_credentials = false;
 
   loader_ = network::SimpleURLLoader::Create(std::move(request),
                                              kDialUrlFetcherTrafficAnnotation);

chrome/browser/ssl/common_name_mismatch_handler.cc

@@ -79,9 +79,7 @@ void CommonNameMismatchHandler::CheckSuggestedUrl(
   // since then the connection may be reused without checking the cert.
   resource_request->url = check_url_;
   resource_request->method = "HEAD";
-  resource_request->load_flags = net::LOAD_DO_NOT_SAVE_COOKIES |
-                                 net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SEND_AUTH_DATA;
+  resource_request->allow_credentials = false;
 
   simple_url_loader_ = network::SimpleURLLoader::Create(
       std::move(resource_request), traffic_annotation);

chromeos/geolocation/simple_geolocation_request.cc

@@ -440,11 +440,8 @@ void SimpleGeolocationRequest::StartRequest() {
       net::URLFetcher::Create(request_url_, net::URLFetcher::POST, this);
   url_fetcher_->SetRequestContext(url_context_getter_.get());
   url_fetcher_->SetUploadData("application/json", request_body);
-  url_fetcher_->SetLoadFlags(net::LOAD_BYPASS_CACHE |
-                             net::LOAD_DISABLE_CACHE |
-                             net::LOAD_DO_NOT_SAVE_COOKIES |
-                             net::LOAD_DO_NOT_SEND_COOKIES |
-                             net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  url_fetcher_->SetLoadFlags(net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE);
+  url_fetcher_->SetAllowCredentials(false);
 
   // Call test hook before asynchronous request actually starts.
   if (g_test_request_hook)

chromeos/timezone/timezone_request.cc

@@ -340,11 +340,8 @@ void TimeZoneRequest::StartRequest() {
   url_fetcher_ =
       net::URLFetcher::Create(request_url_, net::URLFetcher::GET, this);
   url_fetcher_->SetRequestContext(url_context_getter_.get());
-  url_fetcher_->SetLoadFlags(net::LOAD_BYPASS_CACHE |
-                             net::LOAD_DISABLE_CACHE |
-                             net::LOAD_DO_NOT_SAVE_COOKIES |
-                             net::LOAD_DO_NOT_SEND_COOKIES |
-                             net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  url_fetcher_->SetLoadFlags(net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE);
+  url_fetcher_->SetAllowCredentials(false);
   url_fetcher_->Start();
 }
 

components/captive_portal/captive_portal_detector.cc

@@ -40,9 +40,8 @@ void CaptivePortalDetector::DetectCaptivePortal(
 
   // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here,
   // since then the connection may be reused without checking the cert.
-  resource_request->load_flags =
-      net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES |
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA;
+  resource_request->load_flags = net::LOAD_BYPASS_CACHE;
+  resource_request->allow_credentials = false;
 
   // TODO(jam): switch to using ServiceURLLoader to track data measurement once
   // https://crbug.com/808498 is fixed.

components/feed/core/feed_networking_host.cc

@@ -174,9 +174,8 @@ std::unique_ptr<network::SimpleURLLoader> NetworkFetch::MakeLoader() {
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
 
-  resource_request->load_flags =
-      net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES |
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA;
+  resource_request->load_flags = net::LOAD_BYPASS_CACHE;
+  resource_request->allow_credentials = false;
   resource_request->headers = headers;
   resource_request->method = request_type_;
 

components/metrics/net/net_metrics_log_uploader.cc

@@ -200,9 +200,7 @@ void NetMetricsLogUploader::UploadLogToURL(
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
   // Drop cookies and auth data.
-  resource_request->load_flags = net::LOAD_DO_NOT_SEND_AUTH_DATA |
-                                 net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->allow_credentials = false;
   resource_request->method = "POST";
 
   std::string reporting_info_string = SerializeReportingInfo(reporting_info);

components/network_time/network_time_tracker.cc

@@ -472,9 +472,8 @@ void NetworkTimeTracker::CheckTime() {
   resource_request->url = url;
   // Not expecting any cookies, but just in case.
   resource_request->load_flags =
-      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES |
-      net::LOAD_DO_NOT_SEND_AUTH_DATA;
+      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE;
+  resource_request->allow_credentials = false;
   // This cancels any outstanding fetch.
   time_fetcher_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                                    traffic_annotation);

components/quirks/quirks_client.cc

@@ -88,9 +88,8 @@ void QuirksClient::StartDownload() {
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = GURL(url);
   resource_request->load_flags =
-      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES |
-      net::LOAD_DO_NOT_SEND_AUTH_DATA;
+      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE;
+  resource_request->allow_credentials = false;
 
   net::NetworkTrafficAnnotationTag traffic_annotation =
       net::DefineNetworkTrafficAnnotation("quirks_display_fetcher", R"(

components/variations/service/variations_service.cc

@@ -516,9 +516,7 @@ bool VariationsService::DoFetchFromURL(const GURL& url, bool is_http_retry) {
         })");
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
-  resource_request->load_flags = net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SEND_AUTH_DATA |
-                                 net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->allow_credentials = false;
   bool enable_deltas = false;
   std::string serial_number =
       field_trial_creator_.seed_store()->GetLatestSerialNumber();

net/dns/dns_transaction.cc

@@ -389,9 +389,8 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate {
 
     request_->SetExtraRequestHeaders(extra_request_headers);
     request_->SetLoadFlags(request_->load_flags() | LOAD_DISABLE_CACHE |
-                           LOAD_BYPASS_PROXY | LOAD_DO_NOT_SEND_COOKIES |
-                           LOAD_DO_NOT_SAVE_COOKIES |
-                           LOAD_DO_NOT_SEND_AUTH_DATA);
+                           LOAD_BYPASS_PROXY);
+    request_->set_allow_credentials(false);
   }
 
   // DnsAttempt overrides.

rlz/lib/financial_ping.cc

@@ -306,9 +306,8 @@ void PingRlzServer(std::string url,
         })");
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = GURL(url);
-  resource_request->load_flags =
-      net::LOAD_DISABLE_CACHE | net::LOAD_DO_NOT_SEND_AUTH_DATA |
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+  resource_request->allow_credentials = false;
 
   auto url_loader = network::SimpleURLLoader::Create(
       std::move(resource_request), traffic_annotation);

services/network/expect_ct_reporter.cc

@@ -254,10 +254,8 @@ void ExpectCTReporter::SendPreflight(const GURL& report_uri,
   std::unique_ptr<net::URLRequest> url_request =
       request_context_->CreateRequest(report_uri, net::DEFAULT_PRIORITY, this,
                                       kExpectCTReporterTrafficAnnotation);
-  url_request->SetLoadFlags(net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-                            net::LOAD_DO_NOT_SEND_AUTH_DATA |
-                            net::LOAD_DO_NOT_SEND_COOKIES |
-                            net::LOAD_DO_NOT_SAVE_COOKIES);
+  url_request->SetLoadFlags(net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE);
+  url_request->set_allow_credentials(false);
   url_request->set_method("OPTIONS");
 
   net::HttpRequestHeaders extra_headers;

services/network/public/cpp/network_ipc_param_traits.h

@@ -136,6 +136,7 @@ IPC_STRUCT_TRAITS_BEGIN(network::ResourceRequest)
   IPC_STRUCT_TRAITS_MEMBER(is_prerendering)
   IPC_STRUCT_TRAITS_MEMBER(headers)
   IPC_STRUCT_TRAITS_MEMBER(load_flags)
+  IPC_STRUCT_TRAITS_MEMBER(allow_credentials)
   IPC_STRUCT_TRAITS_MEMBER(plugin_child_id)
   IPC_STRUCT_TRAITS_MEMBER(resource_type)
   IPC_STRUCT_TRAITS_MEMBER(priority)

services/network/public/cpp/resource_request.h

@@ -73,6 +73,10 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) ResourceRequest {
   // net::URLRequest load flags (0 by default).
   int load_flags = 0;
 
+  // If false, calls set_allow_credentials(false) on the
+  // net::URLRequest.
+  bool allow_credentials = true;
+
   // If this request originated from a pepper plugin running in a child
   // process, this identifies which process it came from. Otherwise, it
   // is zero.

services/network/url_loader.cc

@@ -365,6 +365,16 @@ URLLoader::URLLoader(
   }
 
   url_request_->SetLoadFlags(request.load_flags);
+
+  // Use allow credentials unless credential load flags have been explicitly
+  // set.
+  if (!request.allow_credentials) {
+    DCHECK((request.load_flags &
+            (net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES |
+             net::LOAD_DO_NOT_SEND_AUTH_DATA)) == 0);
+    url_request_->set_allow_credentials(false);
+  }
+
   if (report_raw_headers_) {
     url_request_->SetRequestHeadersCallback(
         base::Bind(&net::HttpRawRequestHeaders::Assign,