[Lens / Cookies] Grant secure cookie exemptions for Lens side panel [chromium/src : main]
0 views
Skip to first unread message
Duncan Mercer (Gerrit)
Mar 31, 2026, 5:10:03 PMMar 31
to Theresa Sullivan, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Theresa Sullivan
Duncan Mercer voted Commit-Queue+1![]( "Open in Gerrit")
| Commit-Queue | +1 |
Related details
Attention is currently required from:
- Theresa Sullivan
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Duncan Mercer (Gerrit)
Mar 31, 2026, 5:10:45 PMMar 31
to Lily Chen, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Lily Chen
Duncan Mercer added 1 comment![]( "Open in Gerrit")
Patchset-level comments
File-level comment, Patchset 12 (Latest):
Duncan Mercer . resolved
Hi Lily! Can you take a general look at this before I send to all the respective owners?
Related details
Attention is currently required from:
- Lily Chen
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Lily Chen (Gerrit)
Apr 1, 2026, 12:06:17 AMApr 1
to Duncan Mercer, Lily Chen, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Duncan Mercer
Lily Chen added 4 comments![]( "Open in Gerrit")
File chrome/browser/chrome_content_browser_client.cc
Line 2134, Patchset 12 (Latest):
top_frame_origin.scheme() == content::kChromeUIUntrustedScheme &&
top_frame_origin.host() == chrome::kChromeUILensHost) {Lily Chen . unresolved
We should check the whole origin, not just scheme and host. In theory top_frame_origin could be something cursed like chrome-untrusted://lens:8880 and that shouldn't return true here. Could we instead make a GURL out of the Lens URL and then convert that to an origin to check against top_frame_origin? (same below)
File content/browser/devtools/devtools_url_loader_interceptor.cc
Line 1528, Patchset 12 (Latest):
url::Origin::Create(create_loader_params_->request
.site_for_cookies.RepresentativeUrl()),Lily Chen . unresolved
nit: use request.isolation_info.top_frame_origin instead
Line 1691, Patchset 12 (Latest):
url::Origin::Create(request.site_for_cookies.RepresentativeUrl()),Lily Chen . unresolved
ditto
File content/browser/renderer_host/render_frame_host_impl.cc
Line 5483, Patchset 12 (Latest):
// Reset the SiteForCookies if the top frame origin is of a scheme that shouldLily Chen . unresolved
nit: update comment
Related details
Attention is currently required from:
- Duncan Mercer
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Duncan Mercer (Gerrit)
Apr 9, 2026, 4:14:50 PM (10 days ago) Apr 9
to Lily Chen, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Lily Chen
Duncan Mercer added 4 comments![]( "Open in Gerrit")
File chrome/browser/chrome_content_browser_client.cc
Line 2134, Patchset 12:
top_frame_origin.scheme() == content::kChromeUIUntrustedScheme &&
top_frame_origin.host() == chrome::kChromeUILensHost) {Lily Chen . resolved
We should check the whole origin, not just scheme and host. In theory top_frame_origin could be something cursed like chrome-untrusted://lens:8880 and that shouldn't return true here. Could we instead make a GURL out of the Lens URL and then convert that to an origin to check against top_frame_origin? (same below)
Duncan Mercer
Done
File content/browser/devtools/devtools_url_loader_interceptor.cc
Line 1528, Patchset 12:
url::Origin::Create(create_loader_params_->request
.site_for_cookies.RepresentativeUrl()),Lily Chen . resolved
Duncan Mercernit: use request.isolation_info.top_frame_origin instead
Done
Line 1691, Patchset 12:
url::Origin::Create(request.site_for_cookies.RepresentativeUrl()),Lily Chen . resolved
Duncan Mercerditto
Done
File content/browser/renderer_host/render_frame_host_impl.cc
Line 5483, Patchset 12:
// Reset the SiteForCookies if the top frame origin is of a scheme that shouldLily Chen . resolved
Duncan Mercernit: update comment
Done
Related details
Attention is currently required from:
- Lily Chen
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Duncan Mercer (Gerrit)
Apr 9, 2026, 4:15:14 PM (10 days ago) Apr 9
to Lily Chen, Chromium LUCI CQ, AyeAye, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Lily Chen
Duncan Mercer added 1 comment![]( "Open in Gerrit")
Patchset-level comments
File-level comment, Patchset 15 (Latest):
Duncan Mercer . unresolved
Unresolved comment to my self to re-verify the changes work before submitting.
Related details
Attention is currently required from:
- Lily Chen
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Duncan Mercer (Gerrit)
Apr 10, 2026, 10:19:30 AM (9 days ago) Apr 10
to Lily Chen, Chromium LUCI CQ, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Lily Chen
Duncan Mercer voted and added 1 comment![]( "Open in Gerrit")
Votes added by Duncan Mercer
| Commit-Queue | +1 |
Unresolved comment to my self to re-verify the changes work before submitting.
Duncan Mercer
Done
Related details
Attention is currently required from:
- Lily Chen
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Lily Chen (Gerrit)
Apr 11, 2026, 4:46:17 PM (8 days ago) Apr 11
to Duncan Mercer, Lily Chen, Chromium LUCI CQ, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Duncan Mercer
Lily Chen voted Code-Review+1![]( "Open in Gerrit")
Attention is currently required from:
- Duncan Mercer
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Duncan Mercer (Gerrit)
Apr 13, 2026, 10:02:35 AM (6 days ago) Apr 13
to Avi Drissman, Jonathan Ross, Eric Orth, Alex Rudenko, Lily Chen, chromiu...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Alex Rudenko, Avi Drissman, Eric Orth and Jonathan Ross
Duncan Mercer added 1 comment![]( "Open in Gerrit")
Patchset-level comments
File-level comment, Patchset 16 (Latest):
Duncan Mercer . resolved
Adding relevant file owners. Lily already took an overall review, so please review the files you have owners in.
Related details
Attention is currently required from:
- Alex Rudenko
- Avi Drissman
- Eric Orth
- Jonathan Ross
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Avi Drissman (Gerrit)
Apr 13, 2026, 10:34:09 AM (6 days ago) Apr 13
to Duncan Mercer, Avi Drissman, Jonathan Ross, Eric Orth, Alex Rudenko, Lily Chen, chromiu...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Attention needed from Alex Rudenko, Duncan Mercer, Eric Orth and Jonathan Ross
Avi Drissman voted Code-Review+1![]( "Open in Gerrit")
Attention is currently required from:
- Alex Rudenko
- Duncan Mercer
- Eric Orth
- Jonathan Ross
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Duncan Mercer (Gerrit)
Apr 13, 2026, 10:39:00 AM (6 days ago) Apr 13
to Avi Drissman, Lily Chen, chromiu...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
Duncan Mercer voted Commit-Queue+2![]( "Open in Gerrit")
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
chromium-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)
Apr 13, 2026, 11:44:26 AM (6 days ago) Apr 13
to Duncan Mercer, Avi Drissman, Lily Chen, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, devtools...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, blink-...@chromium.org, blink-re...@chromium.org, alexmo...@chromium.org, creis...@chromium.org, dullweb...@chromium.org, ipc-securi...@chromium.org, msrame...@chromium.org, navigation...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org
chromiu...@luci-project-accounts.iam.gserviceaccount.com submitted the change![]( "Open in Gerrit")
Change information
Commit message:
[Lens / Cookies] Grant secure cookie exemptions for Lens side panel
This change grants a temporary secure cookie exemption for the Lens untrusted side panel (chrome-untrusted://lens) to use SameSite cookies. It updates ContentBrowserClient to support origin-based first-party cookie checks and registers the Lens origin in ProfileNetworkContextService and ChromeContentRendererClient.
Bug: b:483614998
Change-Id: I7e7e06819012fc3deef8ab13fc3ecb5e89f49bef
Reviewed-by: Lily Chen <chl...@chromium.org>
Reviewed-by: Avi Drissman <a...@chromium.org>
Commit-Queue: Duncan Mercer <mer...@google.com>
Cr-Commit-Position: refs/heads/main@{#1613745}
Files:
- M chrome/browser/chrome_content_browser_client.cc
- M chrome/browser/chrome_content_browser_client.h
- M chrome/browser/net/profile_network_context_service.cc
- M chrome/renderer/chrome_content_renderer_client.cc
- M content/browser/devtools/devtools_url_loader_interceptor.cc
- M content/browser/renderer_host/render_frame_host_impl.cc
- M content/browser/renderer_host/render_frame_host_impl_browsertest.cc
- M content/public/browser/content_browser_client.cc
- M content/public/browser/content_browser_client.h
Change size: M
Delta: 9 files changed, 85 insertions(+), 31 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Lily Chen, +1 by Avi Drissman
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages