ContentBrowserClient::OnCookiesRead/OnCookiesChanged now called on IO thread. (In this release only, sorry about that).
OnCookiesRead/OnCookiesChanged are now in WebContentsObserver (and back to UI thread).
The following methods were removed from ContentBrowserClient:
Following were added:
This means the policy for which cookies are permitted lives in the network service, and is applied to both network and JS cookies consistently. If your settings requirements can be expressed via components/content_settings patterns and are per-NetworkContext, you can just fill them into the cookie_manager_params field in NetworkContextParams when creating the NetworkContext and not do anything else. If they need to change dynamically, there are methods on CookieManager mojo interface (an instance is available on StoragePartition) to push new settings — see e.g. ProfileNetworkContextService::OnContentSettingChanged.
Really fine-grained modifications may be possible via TrustedHeaderClient.