The network traffic annotation suggests the intent here is to
not include cookies in requests. However, the ResourcRequest's
credentials_mode is still kInclude. This means if the URL has
any SameSite=None cookies, they will be sent in requests.
If this is intentional and you mean to send cookies, let me know
and I will not change credentials_mode, but we should also probably
change the network traffic annotation to avoid future confusion.
If you do not expect the URL to have cookies, I recommend we set
credentials_mode to kOmit anyway to ensure user privacy.
Bug: 402803381
Change-Id: I44b5d032b5dde5e72ed0c00fb5ba59f920169037
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6354120
Commit-Queue: Dylan Cutler <dylancutler@google.com>
Reviewed-by: Ella Ge <eirage@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1432849}
b089bfa8dd