Create 'allow-same-site-none-cookies' Web Sandbox Flag

Define a new Web Sandbox Flag and ensure it is recognized by the parser.

See feature context: https://chromestatus.com/feature/5090336588955648

Bug: 372894175
Change-Id: I5b3dc9e65c8bd74cdffd609f2bdf56f9b0a76185
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5954789
Reviewed-by: Dylan Cutler <dylancutler@google.com>
Reviewed-by: danakj <danakj@chromium.org>
Commit-Queue: Anusha Muley <anushamuley@google.com>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1373270}

components/services/storage/service_worker/service_worker_database_unittest.cc

@@ -3246,11 +3246,12 @@ const network::mojom::WebSandboxFlags kWebSandboxFlags[] = {
     network::mojom::WebSandboxFlags::kDownloads,
     network::mojom::WebSandboxFlags::kStorageAccessByUserActivation,
     network::mojom::WebSandboxFlags::kTopNavigationToCustomProtocols,
+    network::mojom::WebSandboxFlags::kAllowSameSiteNoneCookies,
     network::mojom::WebSandboxFlags::kAll,
 };
 
 static_assert(
-    network::mojom::WebSandboxFlags::kTopNavigationToCustomProtocols ==
+    network::mojom::WebSandboxFlags::kAllowSameSiteNoneCookies ==
         network::mojom::WebSandboxFlags::kMaxValue,
     "The array should contain all the flags");
 

services/network/public/cpp/web_sandbox_flags.cc

@@ -44,6 +44,7 @@ WebSandboxFlags ParseWebSandboxToken(std::string_view token) {
            kTopNavigationByUserActivation},
           {"allow-top-navigation-to-custom-protocols",
            kTopNavigationToCustomProtocols},
+          {"allow-same-site-none-cookies", kAllowSameSiteNoneCookies},
       });
 
   std::string lowered_token = base::ToLowerASCII(token);

services/network/public/cpp/web_sandbox_flags_unittests.cc

@@ -43,6 +43,8 @@ TEST(WebSandboxFlagsTest, All) {
        {~WebSandboxFlags::kTopNavigationByUserActivation, ""}},
       {"allow-top-navigation-to-custom-protocols",
        {~WebSandboxFlags::kTopNavigationToCustomProtocols, ""}},
+      {"allow-same-site-none-cookies",
+       {~WebSandboxFlags::kAllowSameSiteNoneCookies, ""}},
 
       // Two tokens:
       {"allow-downloads allow-forms",

services/network/public/mojom/web_sandbox_flags.mojom

@@ -51,5 +51,8 @@ enum WebSandboxFlags {
   // See https://github.com/whatwg/html/pull/7654
   kTopNavigationToCustomProtocols        = 131072, // 1 << 17
 
+  // See https://github.com/explainers-by-googlers/csp-sandbox-allow-same-site-none-cookies
+  kAllowSameSiteNoneCookies              = 262144, // 1 << 18
+
   kAll                                   = -1, // Mask with all bits set.
 };

third_party/blink/public/common/frame/fenced_frame_sandbox_flags.h

@@ -21,7 +21,8 @@ constexpr network::mojom::WebSandboxFlags kFencedFrameForcedSandboxFlags =
     network::mojom::WebSandboxFlags::kPointerLock |
     network::mojom::WebSandboxFlags::kPresentationController |
     network::mojom::WebSandboxFlags::kStorageAccessByUserActivation |
-    network::mojom::WebSandboxFlags::kTopNavigation;
+    network::mojom::WebSandboxFlags::kTopNavigation |
+    network::mojom::WebSandboxFlags::kAllowSameSiteNoneCookies;
 
 // In fenced frame trees, the features of the following flags are allowed.
 // Sandboxed frames that do not allow these features can't load fenced frames.