[Signin] Send Gaia origin if it is not the default one

If GaiaUrls is using a non-default Gaia origin (due to "gaia-url"
command-line argument, useful for testing) - Mirror header will
include this custom Gaia origin via "gaia_origin" parameter.
No behavior change if the default Gaia origin is used.

Bug: 72498705
Change-Id: I7504d93022545e56b80325ec4a74c73b73a6e448
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6012676
Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Commit-Queue: Boris Sazonov <bsazonov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1382323}

chrome/browser/signin/chrome_signin_helper.cc

@@ -562,7 +562,7 @@ void FixAccountConsistencyRequestHeader(
     ChromeRequestAdapter* request,
     const GURL& redirect_url,
     bool is_off_the_record,
-    int incognito_availibility,
+    int incognito_availability,
     AccountConsistencyMethod account_consistency,
     const std::string& gaia_id,
     signin::Tribool is_child_account,
@@ -583,7 +583,7 @@ void FixAccountConsistencyRequestHeader(
   // The Mirror header may be added on desktop platforms, for integration with
   // Google Drive.
   int profile_mode_mask = PROFILE_MODE_DEFAULT;
-  if (incognito_availibility ==
+  if (incognito_availability ==
           static_cast<int>(policy::IncognitoModeAvailability::kDisabled) ||
       IncognitoModePrefs::ArePlatformParentalControlsEnabled()) {
     profile_mode_mask |= PROFILE_MODE_INCOGNITO_DISABLED;

chrome/browser/signin/chrome_signin_helper_unittest.cc

@@ -13,6 +13,7 @@
 #include "base/strings/stringprintf.h"
 #include "base/test/bind.h"
 #include "build/buildflag.h"
+#include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
 #include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
@@ -25,6 +26,9 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_delegate.h"
 #include "content/public/test/browser_task_environment.h"
+#include "google_apis/gaia/gaia_switches.h"
+#include "google_apis/gaia/gaia_urls.h"
+#include "google_apis/gaia/gaia_urls_overrider_for_testing.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
@@ -147,18 +151,6 @@ class MockWebContentsDelegate : public content::WebContentsDelegate {
                    base::OnceCallback<void(content::NavigationHandle&)>));
 };
 
-}  // namespace
-
-using ::testing::_;
-
-class ChromeSigninHelperTest : public ChromeRenderViewHostTestHarness {
- protected:
-  ChromeSigninHelperTest() = default;
-  ~ChromeSigninHelperTest() override = default;
-};
-
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-
 class TestChromeRequestAdapter : public signin::ChromeRequestAdapter {
  public:
   explicit TestChromeRequestAdapter(const GURL& url)
@@ -189,6 +181,18 @@ class TestChromeRequestAdapter : public signin::ChromeRequestAdapter {
   std::vector<std::string> headers_to_remove_;
 };
 
+}  // namespace
+
+using ::testing::_;
+
+class ChromeSigninHelperTest : public ChromeRenderViewHostTestHarness {
+ protected:
+  ChromeSigninHelperTest() = default;
+  ~ChromeSigninHelperTest() override = default;
+};
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+
 // Tests that Dice response headers are removed after being processed.
 TEST_F(ChromeSigninHelperTest, RemoveDiceSigninHeader) {
   // Process the header.
@@ -379,6 +383,68 @@ TEST_F(ChromeSigninHelperTest, MirrorGoIncognitoInactiveWebContents) {
   task_environment()->RunUntilIdle();
 }
 #endif  // BUILDFLAG(IS_ANDROID)
+
+TEST_F(ChromeSigninHelperTest, NonEligibleURL) {
+  // Non-eligible request, no header.
+  TestChromeRequestAdapter request(GURL("https://gmail.com"));
+  signin::FixAccountConsistencyRequestHeader(
+      &request, GURL(), /*is_off_the_record=*/false,
+      /*incognito_availability=*/0, signin::AccountConsistencyMethod::kMirror,
+      "gaia_id", /*is_child_account=*/signin::Tribool::kFalse,
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+      /*is_secondary_account_addition_allowed=*/true,
+#endif
+      CookieSettingsFactory::GetForProfile(profile()).get());
+  EXPECT_EQ(
+      request.modified_headers().GetHeader(signin::kChromeConnectedHeader),
+      std::nullopt);
+}
+
+TEST_F(ChromeSigninHelperTest, EligibleURL) {
+  // Google Docs is eligible for the Mirror header.
+  TestChromeRequestAdapter request(GURL("https://docs.google.com"));
+  signin::FixAccountConsistencyRequestHeader(
+      &request, GURL(), /*is_off_the_record=*/false,
+      /*incognito_availability=*/0, signin::AccountConsistencyMethod::kMirror,
+      "gaia_id", /*is_child_account=*/signin::Tribool::kFalse,
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+      /*is_secondary_account_addition_allowed=*/true,
+#endif
+      CookieSettingsFactory::GetForProfile(profile()).get());
+  std::string expected_header =
+      "source=Chrome,id=gaia_id,mode=0,enable_account_consistency=true,"
+      "supervised=false,consistency_enabled_by_default=false";
+  EXPECT_THAT(
+      request.modified_headers().GetHeader(signin::kChromeConnectedHeader),
+      testing::Optional(expected_header));
+}
+
+TEST_F(ChromeSigninHelperTest, NonDefaultGaiaOrigin) {
+  base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+      switches::kGaiaUrl, "http://example.com");
+  auto gaia_urls_override = std::make_unique<GaiaUrls>();
+  GaiaUrls::SetInstanceForTesting(gaia_urls_override.get());
+
+  TestChromeRequestAdapter request(GURL("https://docs.google.com"));
+  signin::FixAccountConsistencyRequestHeader(
+      &request, GURL(), /*is_off_the_record=*/false,
+      /*incognito_availability=*/0, signin::AccountConsistencyMethod::kMirror,
+      "gaia_id", /*is_child_account=*/signin::Tribool::kFalse,
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+      /*is_secondary_account_addition_allowed=*/true,
+#endif
+      CookieSettingsFactory::GetForProfile(profile()).get());
+  std::string expected_header =
+      "source=Chrome,gaia_origin=example.com,id=gaia_id,mode=0,"
+      "enable_account_consistency=true,"
+      "supervised=false,consistency_enabled_by_default=false";
+  EXPECT_THAT(
+      request.modified_headers().GetHeader(signin::kChromeConnectedHeader),
+      testing::Optional(expected_header));
+
+  GaiaUrls::SetInstanceForTesting(nullptr);
+  base::CommandLine::ForCurrentProcess()->RemoveSwitch(switches::kGaiaUrl);
+}
 #endif  // BUILDFLAG(ENABLE_MIRROR)
 
 TEST_F(ChromeSigninHelperTest,

components/signin/core/browser/chrome_connected_header_helper.cc

@@ -14,8 +14,10 @@
 #include "build/chromeos_buildflags.h"
 #include "components/google/core/common/google_util.h"
 #include "components/signin/core/browser/cookie_settings_util.h"
+#include "components/signin/public/base/signin_switches.h"
 #include "components/signin/public/identity_manager/tribool.h"
 #include "google_apis/gaia/gaia_auth_util.h"
+#include "google_apis/gaia/gaia_urls.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "url/gurl.h"
 
@@ -33,6 +35,7 @@ const char kConsistencyEnabledByDefaultAttrName[] =
 const char kContinueUrlAttrName[] = "continue_url";
 const char kEmailAttrName[] = "email";
 const char kEnableAccountConsistencyAttrName[] = "enable_account_consistency";
+const char kGaiaOriginAttrName[] = "gaia_origin";
 const char kGaiaIdAttrName[] = "id";
 const char kIsSameTabAttrName[] = "is_same_tab";
 const char kIsSamlAttrName[] = "is_saml";
@@ -196,6 +199,13 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
     parts.push_back(
         base::StringPrintf("%s=%s", kSourceAttrName, source.c_str()));
   }
+
+  if (base::FeatureList::IsEnabled(kNonDefaultGaiaOriginCheck) &&
+      !GaiaUrls::GetInstance()->IsUsingDefaultGaiaOrigin()) {
+    parts.push_back(
+        base::StringPrintf("%s=%s", kGaiaOriginAttrName,
+                           GaiaUrls::GetInstance()->gaia_origin().host()));
+  }
 // If we are on mobile or desktop, an empty |account_id| corresponds to the user
 // not signed into Sync. Do not enforce account consistency, unless Mice is
 // enabled on mobile (Android or iOS).

components/signin/public/base/signin_switches.cc

@@ -223,3 +223,7 @@ BASE_FEATURE(kIgnoreMirrorHeadersInBackgoundTabs,
              "IgnoreMirrorHeadersInBackgoundTabs",
              base::FEATURE_ENABLED_BY_DEFAULT);
 #endif
+
+BASE_FEATURE(kNonDefaultGaiaOriginCheck,
+             "NonDefaultGaiaOriginCheck",
+             base::FEATURE_ENABLED_BY_DEFAULT);

components/signin/public/base/signin_switches.h

@@ -188,4 +188,7 @@ COMPONENT_EXPORT(SIGNIN_SWITCHES)
 BASE_DECLARE_FEATURE(kIgnoreMirrorHeadersInBackgoundTabs);
 #endif
 
+COMPONENT_EXPORT(SIGNIN_SWITCHES)
+BASE_DECLARE_FEATURE(kNonDefaultGaiaOriginCheck);
+
 #endif  // COMPONENTS_SIGNIN_PUBLIC_BASE_SIGNIN_SWITCHES_H_

google_apis/gaia/gaia_urls.cc

@@ -354,6 +354,11 @@ GURL GaiaUrls::LogOutURLWithContinueURL(const GURL& continue_url) {
   return service_logout_url_.Resolve(params);
 }
 
+bool GaiaUrls::IsUsingDefaultGaiaOrigin() const {
+  return gaia_origin().IsSameOriginWith(
+      url::Origin::Create(GURL(kDefaultGaiaUrl)));
+}
+
 void GaiaUrls::InitializeDefault() {
   SetDefaultURLIfInvalid(&google_url_, switches::kGoogleUrl, kDefaultGoogleUrl);
   SetDefaultOriginIfOpaqueOrInvalidScheme(&gaia_origin_, switches::kGaiaUrl,

google_apis/gaia/gaia_urls.h

@@ -79,6 +79,11 @@ class COMPONENT_EXPORT(GOOGLE_APIS) GaiaUrls {
   // If no continue_url is given, continues to https://accounts.google.com.
   GURL LogOutURLWithContinueURL(const GURL& contine_url);
 
+  // Whether `gaia_url` points to the default Gaia URL or a custom one. Avoid
+  // using this method - it is intended for tweaking behavior for manual
+  // testing.
+  bool IsUsingDefaultGaiaOrigin() const;
+
  private:
   friend struct base::DefaultSingletonTraits<GaiaUrls>;