Remove LOAD_DO_NOT_* credentials flags and replace them with

allow_credentials, removing HTTP authentication data.

This CL is part of a larger project to remove the LOAD_DO_NOT_* privacy load
flags and replace them with the allow_credentials setting. See
https://crbug.com/799935,
https://docs.google.com/document/d/1ntn9N7Ce2jozvvpWI0XbzJ7lJdwUjJXK07wp7rxrIN4,
and
go/allow-credentials-tracker
for the motivation and progress of this change.

This CL handles the final third of cases where LOAD_DO_NOT_SEND_COOKIES and
LOAD_DO_NOT_SAVE_COOKIES were set, but LOAD_DO_NOT_SEND_AUTH_DATA was not.
This CL will set allow_credentials = false instead, which will make two
changes to the requests:

- The request will no longer participate in HTTP auth if the server requests
  it. HTTP auth credentials identify the user, so private requests should
  not send them. Note this only affects server auth, not proxy auth. Unless
  the server your feature speaks to requests HTTP auth, this is a no-op.
- The request will be pooled with sockets used for uncredentialed requests,
  rather than credentialed requests. This is not expected to meaningfully
  change behavior.

If your code requires HTTP authentication, let me know. You may need to
allow credentials for your request.

Bug: 799935
Change-Id: I920651ad921c0b042e765b81520ea49955014100
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1580465
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Cait Phillips <caitkp@chromium.org>
Reviewed-by: Jian Li <jianli@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: Yuwei Huang <yuweih@chromium.org>
Reviewed-by: Roger Tawa <rogerta@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Reviewed-by: Joshua Pawlicki <waffles@chromium.org>
Reviewed-by: Olga Sharonova <olka@chromium.org>
Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#686551}

components/sync/engine/net/http_bridge.cc

@@ -267,8 +267,8 @@ void HttpBridge::MakeAsynchronousPost() {
   resource_request->url = url_for_request_;
   resource_request->method = "POST";
   resource_request->load_flags =
-      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE |
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES;
+      net::LOAD_BYPASS_CACHE | net::LOAD_DISABLE_CACHE;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
 
   if (!extra_headers_.empty())
     resource_request->headers.AddHeadersFromString(extra_headers_);

components/translate/core/browser/translate_script_unittest.cc

@@ -94,11 +94,8 @@ TEST_F(TranslateScriptTest, CheckScriptParameters) {
   EXPECT_EQ(expected_url.GetOrigin().spec(), url.GetOrigin().spec());
   EXPECT_EQ(expected_url.path(), url.path());
 
-  int load_flags = last_resource_request.load_flags;
-  EXPECT_EQ(net::LOAD_DO_NOT_SEND_COOKIES,
-            load_flags & net::LOAD_DO_NOT_SEND_COOKIES);
-  EXPECT_EQ(net::LOAD_DO_NOT_SAVE_COOKIES,
-            load_flags & net::LOAD_DO_NOT_SAVE_COOKIES);
+  EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+            last_resource_request.credentials_mode);
 
   std::string expected_extra_headers =
       base::StringPrintf("%s\r\n\r\n", TranslateScript::kRequestHeader);

components/translate/core/browser/translate_url_fetcher.cc

@@ -95,8 +95,7 @@ bool TranslateURLFetcher::Request(const GURL& url,
   // Create and initialize URL loader.
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url_;
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   if (!extra_request_header_.empty())
     resource_request->headers.AddHeaderFromString(extra_request_header_);
 

components/translate/ios/browser/translate_controller.mm

@@ -226,8 +226,7 @@
   auto request = std::make_unique<network::ResourceRequest>();
   request->method = method;
   request->url = GURL(url);
-  request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   auto fetcher = network::SimpleURLLoader::Create(std::move(request),
                                                   NO_TRAFFIC_ANNOTATION_YET);
   fetcher->AttachStringForUpload(body, "application/x-www-form-urlencoded");

components/update_client/net/network_impl.cc

@@ -106,9 +106,8 @@ void NetworkFetcherImpl::PostRequest(
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
   resource_request->method = "POST";
-  resource_request->load_flags = net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SAVE_COOKIES |
-                                 net::LOAD_DISABLE_CACHE;
+  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   for (const auto& header : post_additional_headers)
     resource_request->headers.SetHeader(header.first, header.second);
   simple_url_loader_ = network::SimpleURLLoader::Create(
@@ -149,9 +148,8 @@ void NetworkFetcherImpl::DownloadToFile(
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
   resource_request->method = "GET";
-  resource_request->load_flags = net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SAVE_COOKIES |
-                                 net::LOAD_DISABLE_CACHE;
+  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   simple_url_loader_ = network::SimpleURLLoader::Create(
       std::move(resource_request), traffic_annotation);
   simple_url_loader_->SetRetryOptions(

components/web_resource/web_resource_service.cc

@@ -154,9 +154,8 @@ void WebResourceService::StartFetch() {
   resource_request->url = web_resource_server;
   // Do not let url fetcher affect existing state in system context
   // (by setting cookies, for example).
-  resource_request->load_flags = net::LOAD_DISABLE_CACHE |
-                                 net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   simple_url_loader_ = network::SimpleURLLoader::Create(
       std::move(resource_request), traffic_annotation_);
   simple_url_loader_->DownloadToStringOfUnboundedSizeUntilCrashAndDie(

content/browser/media/url_provision_fetcher.cc

@@ -77,8 +77,7 @@ void URLProvisionFetcher::Retrieve(
         })");
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = GURL(request_string);
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   resource_request->method = "POST";
   resource_request->headers.SetHeader("User-Agent", "Widevine CDM v1.0");
   simple_url_loader_ = network::SimpleURLLoader::Create(

extensions/browser/content_hash_fetcher.cc

@@ -83,9 +83,8 @@ void ContentHashFetcher::Start(HashFetcherCallback hash_fetcher_callback) {
         })");
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = fetch_params_.fetch_url;
-  resource_request->load_flags = net::LOAD_DO_NOT_SEND_COOKIES |
-                                 net::LOAD_DO_NOT_SAVE_COOKIES |
-                                 net::LOAD_DISABLE_CACHE;
+  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
 
   network::mojom::URLLoaderFactoryPtr url_loader_factory_ptr;
   url_loader_factory_ptr.Bind(

extensions/browser/guest_view/web_view/web_ui/web_ui_url_fetcher.cc

@@ -56,8 +56,7 @@ void WebUIURLFetcher::Start() {
         })");
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url_;
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   fetcher_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                               traffic_annotation);
   fetcher_->DownloadToStringOfUnboundedSizeUntilCrashAndDie(

google_apis/drive/base_requests.cc

@@ -315,8 +315,8 @@ void UrlFetchRequestBase::StartAfterPrepare(
   auto request = std::make_unique<network::ResourceRequest>();
   request->url = url;
   request->method = GetRequestType();
-  request->load_flags = net::LOAD_DO_NOT_SEND_COOKIES |
-                        net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DISABLE_CACHE;
+  request->load_flags = net::LOAD_DISABLE_CACHE;
+  request->credentials_mode = network::mojom::CredentialsMode::kOmit;
 
   // Add request headers.
   // Note that SetHeader clears the current headers and sets it to the passed-in

google_apis/gaia/gaia_oauth_client.cc

@@ -386,8 +386,7 @@ void GaiaOAuthClient::Core::SendRequestImpl() {
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url_;
   resource_request->method = post_body_.empty() ? "GET" : "POST";
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   if (!authorization_header_.empty())
     resource_request->headers.SetHeader("Authorization", authorization_header_);
 

google_apis/gaia/oauth2_access_token_fetcher_impl.cc

@@ -120,8 +120,7 @@ static std::unique_ptr<network::SimpleURLLoader> CreateURLLoader(
 
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   if (!body.empty())
     resource_request->method = "POST";
 

google_apis/gaia/oauth2_api_call_flow.cc

@@ -89,8 +89,7 @@ std::unique_ptr<network::SimpleURLLoader> OAuth2ApiCallFlow::CreateURLLoader(
   auto request = std::make_unique<network::ResourceRequest>();
   request->url = CreateApiCallUrl();
   request->method = request_type;
-  request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   request->headers.SetHeader("Authorization",
                              MakeAuthorizationValue(access_token));
   std::unique_ptr<network::SimpleURLLoader> result =

google_apis/gcm/engine/checkin_request.cc

@@ -183,8 +183,7 @@ void CheckinRequest::Start() {
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = checkin_url_;
   resource_request->method = "POST";
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   url_loader_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                                  traffic_annotation);
   url_loader_->AttachStringForUpload(upload_data, kRequestContentType);

google_apis/gcm/engine/registration_request.cc

@@ -177,8 +177,7 @@ void RegistrationRequest::Start() {
   auto request = std::make_unique<network::ResourceRequest>();
   request->url = registration_url_;
   request->method = "POST";
-  request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   BuildRequestHeaders(&request->headers);
 
   std::string body;

google_apis/gcm/engine/registration_request_unittest.cc

@@ -462,8 +462,8 @@ TEST_F(InstanceIDGetTokenRequestTest, RequestDataAndURL) {
   const network::ResourceRequest* pending_request;
   ASSERT_TRUE(
       test_url_loader_factory()->IsPending(kRegistrationURL, &pending_request));
-  EXPECT_TRUE(pending_request->load_flags & net::LOAD_DO_NOT_SEND_COOKIES);
-  EXPECT_TRUE(pending_request->load_flags & net::LOAD_DO_NOT_SAVE_COOKIES);
+  EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+            pending_request->credentials_mode);
 
   // Verify that authorization header was put together properly.
   const net::HttpRequestHeaders* headers =

google_apis/gcm/engine/unregistration_request.cc

@@ -162,8 +162,7 @@ void UnregistrationRequest::Start() {
   auto request = std::make_unique<network::ResourceRequest>();
   request->url = registration_url_;
   request->method = "POST";
-  request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   BuildRequestHeaders(&request->headers);
 
   std::string body;

google_apis/gcm/engine/unregistration_request_unittest.cc

@@ -115,8 +115,8 @@ TEST_F(GCMUnregistrationRequestTest, RequestDataPassedToFetcher) {
   const network::ResourceRequest* pending_request;
   ASSERT_TRUE(
       test_url_loader_factory()->IsPending(kRegistrationURL, &pending_request));
-  EXPECT_TRUE(pending_request->load_flags & net::LOAD_DO_NOT_SEND_COOKIES);
-  EXPECT_TRUE(pending_request->load_flags & net::LOAD_DO_NOT_SAVE_COOKIES);
+  EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+            pending_request->credentials_mode);
 
   // Verify that authorization header was put together properly.
   const net::HttpRequestHeaders* headers =

ios/chrome/browser/omaha/omaha_service.mm

@@ -549,8 +549,7 @@ GURL url(ios::GetChromeBrowserProvider()
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = url;
   resource_request->method = "POST";
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
 
   // If this is not the first try, notify the omaha server.
   if (number_of_tries_ && IsNextPingInstallRetry()) {

remoting/base/chromium_url_request.cc

@@ -33,8 +33,7 @@ ChromiumUrlRequest::ChromiumUrlRequest(
   resource_request_ = std::make_unique<network::ResourceRequest>();
   resource_request_->url = GURL(url);
   resource_request_->method = request_type;
-  resource_request_->load_flags =
-      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_DO_NOT_SEND_COOKIES;
+  resource_request_->credentials_mode = network::mojom::CredentialsMode::kOmit;
   resource_request_->referrer = GURL("https://chrome.google.com/remotedesktop");
 }
 

third_party/libaddressinput/chromium/chrome_metadata_source.cc

@@ -90,8 +90,7 @@ void ChromeMetadataSource::Download(const std::string& key,
         })");
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = resource;
-  resource_request->load_flags =
-      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
+  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
   std::unique_ptr<network::SimpleURLLoader> loader =
       network::SimpleURLLoader::Create(std::move(resource_request),
                                        traffic_annotation);