Update to Chromium version 86.0.4240.198

If a WeakPtr references an already-destroyed object, operator-> and
operator* end up simply dereferencing nullptr. However, dereferencing
nullptr is undefined behavior and can be optimized in surprising ways
by compilers. To prevent this from happening, add a defence of last
resort and CHECK that the WeakPtr is still valid.

Based on https://crrev.com/bbb64b5c69

BUILD.gn

@@ -1237,7 +1237,7 @@ if (is_win) {
     sources = [ "libcef_dll/sandbox/sandbox_win.cc" ]
     # CEF sources use include paths relative to the CEF root directory.
     include_dirs = [ "." ]
-    deps = [ "//sandbox" ]
+    deps = [ "libcef/features", "//sandbox" ]
   }
 }
 
@@ -1410,6 +1410,7 @@ repack("pak") {
     "$root_gen_dir/chrome/browser_resources.pak",
     "$root_gen_dir/chrome/dev_ui_browser_resources.pak",
     "$root_gen_dir/chrome/net_internals_resources.pak",
+    "$root_gen_dir/chrome/print_preview_pdf_resources.pak",
     "$root_gen_dir/chrome/print_preview_resources.pak",
     "$root_gen_dir/chrome/common_resources.pak",
     "$root_gen_dir/components/components_resources.pak",
@@ -1429,6 +1430,7 @@ repack("pak") {
     "//chrome/browser:dev_ui_browser_resources",
     "//chrome/browser:resources",
     "//chrome/browser/resources/net_internals:net_internals_resources",
+    "//chrome/browser/resources:print_preview_pdf_resources",
     "//chrome/browser/resources:print_preview_resources",
     "//chrome/common:resources",
     "//components/resources:components_resources",
@@ -1481,6 +1483,8 @@ make_pack_header("resources") {
     "$root_gen_dir/chrome/grit/component_extension_resources.h",
     "$root_gen_dir/chrome/grit/dev_ui_browser_resources.h",
     "$root_gen_dir/chrome/grit/net_internals_resources.h",
+    "$root_gen_dir/chrome/grit/print_preview_pdf_resources.h",
+    "$root_gen_dir/chrome/grit/print_preview_resources.h",
     "$root_gen_dir/chrome/grit/renderer_resources.h",
     "$root_gen_dir/components/grit/components_resources.h",
     "$root_gen_dir/components/grit/dev_ui_components_resources.h",

CHROMIUM_BUILD_COMPATIBILITY.txt

@@ -7,5 +7,6 @@
 # https://bitbucket.org/chromiumembedded/cef/wiki/BranchesAndBuilding
 
 {
-  'chromium_checkout': 'refs/tags/86.0.4240.0'
+  'chromium_checkout': 'refs/tags/86.0.4240.198',
+  'depot_tools_checkout': '5dba9c97fb'
 }

include/base/cef_weak_ptr.h

@@ -250,11 +250,11 @@ class WeakPtr : public cef_internal::WeakPtrBase {
   T* get() const { return ref_.is_valid() ? ptr_ : NULL; }
 
   T& operator*() const {
-    DCHECK(get() != NULL);
+    CHECK(ref_.is_valid());
     return *get();
   }
   T* operator->() const {
-    DCHECK(get() != NULL);
+    CHECK(ref_.is_valid());
     return get();
   }
 

include/capi/views/cef_display_capi.h

@@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=422243fda6e1404222aca7bdd4e7b84b961a9626$
+// $hash=652ac7a90c6cd10b1cbc6ae99a549c03f36c794e$
 //
 
 #ifndef CEF_INCLUDE_CAPI_VIEWS_CEF_DISPLAY_CAPI_H_
@@ -50,9 +50,9 @@ extern "C" {
 // This structure typically, but not always, corresponds to a physical display
 // connected to the system. A fake Display may exist on a headless system, or a
 // Display may correspond to a remote, virtual display. All size and position
-// values are in density independent pixels (DIP) unless otherwise indicated.
-// Methods must be called on the browser process UI thread unless otherwise
-// indicated.
+// values are in density independent pixel (DIP) coordinates unless otherwise
+// indicated. Methods must be called on the browser process UI thread unless
+// otherwise indicated.
 ///
 typedef struct _cef_display_t {
   ///
@@ -74,27 +74,28 @@ typedef struct _cef_display_t {
   float(CEF_CALLBACK* get_device_scale_factor)(struct _cef_display_t* self);
 
   ///
-  // Convert |point| from density independent pixels (DIP) to pixel coordinates
-  // using this Display's device scale factor.
+  // Convert |point| from DIP coordinates to pixel coordinates using this
+  // Display's device scale factor.
   ///
   void(CEF_CALLBACK* convert_point_to_pixels)(struct _cef_display_t* self,
                                               cef_point_t* point);
 
   ///
-  // Convert |point| from pixel coordinates to density independent pixels (DIP)
-  // using this Display's device scale factor.
+  // Convert |point| from pixel coordinates to DIP coordinates using this
+  // Display's device scale factor.
   ///
   void(CEF_CALLBACK* convert_point_from_pixels)(struct _cef_display_t* self,
                                                 cef_point_t* point);
 
   ///
-  // Returns this Display's bounds. This is the full size of the display.
+  // Returns this Display's bounds in DIP screen coordinates. This is the full
+  // size of the display.
   ///
   cef_rect_t(CEF_CALLBACK* get_bounds)(struct _cef_display_t* self);
 
   ///
-  // Returns this Display's work area. This excludes areas of the display that
-  // are occupied for window manager toolbars, etc.
+  // Returns this Display's work area in DIP screen coordinates. This excludes
+  // areas of the display that are occupied with window manager toolbars, etc.
   ///
   cef_rect_t(CEF_CALLBACK* get_work_area)(struct _cef_display_t* self);
 
@@ -111,7 +112,7 @@ CEF_EXPORT cef_display_t* cef_display_get_primary();
 
 ///
 // Returns the Display nearest |point|. Set |input_pixel_coords| to true (1) if
-// |point| is in pixel coordinates instead of density independent pixels (DIP).
+// |point| is in pixel screen coordinates instead of DIP screen coordinates.
 ///
 CEF_EXPORT cef_display_t* cef_display_get_nearest_point(
     const cef_point_t* point,
@@ -119,8 +120,8 @@ CEF_EXPORT cef_display_t* cef_display_get_nearest_point(
 
 ///
 // Returns the Display that most closely intersects |bounds|.  Set
-// |input_pixel_coords| to true (1) if |bounds| is in pixel coordinates instead
-// of density independent pixels (DIP).
+// |input_pixel_coords| to true (1) if |bounds| is in pixel screen coordinates
+// instead of DIP screen coordinates.
 ///
 CEF_EXPORT cef_display_t* cef_display_get_matching_bounds(
     const cef_rect_t* bounds,

include/capi/views/cef_view_capi.h

@@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=45b421dfcf8ee7cf61b1991a336bc65d33fbe10a$
+// $hash=55be3e44016d9861bb8e9270b52f2bf45c8a53f5$
 //
 
 #ifndef CEF_INCLUDE_CAPI_VIEWS_CEF_VIEW_CAPI_H_
@@ -176,64 +176,72 @@ typedef struct _cef_view_t {
                                                      int id);
 
   ///
-  // Sets the bounds (size and position) of this View. Position is in parent
-  // coordinates.
+  // Sets the bounds (size and position) of this View. |bounds| is in parent
+  // coordinates, or DIP screen coordinates if there is no parent.
   ///
   void(CEF_CALLBACK* set_bounds)(struct _cef_view_t* self,
                                  const cef_rect_t* bounds);
 
   ///
-  // Returns the bounds (size and position) of this View. Position is in parent
-  // coordinates.
+  // Returns the bounds (size and position) of this View in parent coordinates,
+  // or DIP screen coordinates if there is no parent.
   ///
   cef_rect_t(CEF_CALLBACK* get_bounds)(struct _cef_view_t* self);
 
   ///
-  // Returns the bounds (size and position) of this View. Position is in screen
+  // Returns the bounds (size and position) of this View in DIP screen
   // coordinates.
   ///
   cef_rect_t(CEF_CALLBACK* get_bounds_in_screen)(struct _cef_view_t* self);
 
   ///
-  // Sets the size of this View without changing the position.
+  // Sets the size of this View without changing the position. |size| in parent
+  // coordinates, or DIP screen coordinates if there is no parent.
   ///
   void(CEF_CALLBACK* set_size)(struct _cef_view_t* self,
                                const cef_size_t* size);
 
   ///
-  // Returns the size of this View.
+  // Returns the size of this View in parent coordinates, or DIP screen
+  // coordinates if there is no parent.
   ///
   cef_size_t(CEF_CALLBACK* get_size)(struct _cef_view_t* self);
 
   ///
   // Sets the position of this View without changing the size. |position| is in
-  // parent coordinates.
+  // parent coordinates, or DIP screen coordinates if there is no parent.
   ///
   void(CEF_CALLBACK* set_position)(struct _cef_view_t* self,
                                    const cef_point_t* position);
 
   ///
-  // Returns the position of this View. Position is in parent coordinates.
+  // Returns the position of this View. Position is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   cef_point_t(CEF_CALLBACK* get_position)(struct _cef_view_t* self);
 
   ///
   // Returns the size this View would like to be if enough space is available.
+  // Size is in parent coordinates, or DIP screen coordinates if there is no
+  // parent.
   ///
   cef_size_t(CEF_CALLBACK* get_preferred_size)(struct _cef_view_t* self);
 
   ///
-  // Size this View to its preferred size.
+  // Size this View to its preferred size. Size is in parent coordinates, or DIP
+  // screen coordinates if there is no parent.
   ///
   void(CEF_CALLBACK* size_to_preferred_size)(struct _cef_view_t* self);
 
   ///
-  // Returns the minimum size for this View.
+  // Returns the minimum size for this View. Size is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   cef_size_t(CEF_CALLBACK* get_minimum_size)(struct _cef_view_t* self);
 
   ///
-  // Returns the maximum size for this View.
+  // Returns the maximum size for this View. Size is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   cef_size_t(CEF_CALLBACK* get_maximum_size)(struct _cef_view_t* self);
 
@@ -327,21 +335,21 @@ typedef struct _cef_view_t {
   cef_color_t(CEF_CALLBACK* get_background_color)(struct _cef_view_t* self);
 
   ///
-  // Convert |point| from this View's coordinate system to that of the screen.
-  // This View must belong to a Window when calling this function. Returns true
-  // (1) if the conversion is successful or false (0) otherwise. Use
-  // cef_display_t::convert_point_to_pixels() after calling this function if
+  // Convert |point| from this View's coordinate system to DIP screen
+  // coordinates. This View must belong to a Window when calling this function.
+  // Returns true (1) if the conversion is successful or false (0) otherwise.
+  // Use cef_display_t::convert_point_to_pixels() after calling this function if
   // further conversion to display-specific pixel coordinates is desired.
   ///
   int(CEF_CALLBACK* convert_point_to_screen)(struct _cef_view_t* self,
                                              cef_point_t* point);
 
   ///
-  // Convert |point| to this View's coordinate system from that of the screen.
-  // This View must belong to a Window when calling this function. Returns true
-  // (1) if the conversion is successful or false (0) otherwise. Use
-  // cef_display_t::convert_point_from_pixels() before calling this function if
-  // conversion from display-specific pixel coordinates is necessary.
+  // Convert |point| to this View's coordinate system from DIP screen
+  // coordinates. This View must belong to a Window when calling this function.
+  // Returns true (1) if the conversion is successful or false (0) otherwise.
+  // Use cef_display_t::convert_point_from_pixels() before calling this function
+  // if conversion from display-specific pixel coordinates is necessary.
   ///
   int(CEF_CALLBACK* convert_point_from_screen)(struct _cef_view_t* self,
                                                cef_point_t* point);

include/capi/views/cef_window_delegate_capi.h

@@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=734a13cd5ad9b0af1b29e1e91b406dd5e6740dc4$
+// $hash=fee25d300df47c6143b935d0f99d543ea888f55c$
 //
 
 #ifndef CEF_INCLUDE_CAPI_VIEWS_CEF_WINDOW_DELEGATE_CAPI_H_
@@ -88,10 +88,12 @@ typedef struct _cef_window_delegate_t {
       int* can_activate_menu);
 
   ///
-  // Return the initial bounds for |window| in screen coordinates. If this
-  // function returns an NULL CefRect then get_preferred_size() will be called
-  // to retrieve the size, and the window will be placed on the default screen
-  // with origin (0,0).
+  // Return the initial bounds for |window| in density independent pixel (DIP)
+  // coordinates. If this function returns an NULL CefRect then
+  // get_preferred_size() will be called to retrieve the size, and the window
+  // will be placed on the screen with origin (0,0). This function can be used
+  // in combination with cef_view_t::get_bounds_in_screen() to restore the
+  // previous window bounds.
   ///
   cef_rect_t(CEF_CALLBACK* get_initial_bounds)(
       struct _cef_window_delegate_t* self,

include/views/cef_display.h

@@ -46,9 +46,9 @@
 // This class typically, but not always, corresponds to a physical display
 // connected to the system. A fake Display may exist on a headless system, or a
 // Display may correspond to a remote, virtual display. All size and position
-// values are in density independent pixels (DIP) unless otherwise indicated.
-// Methods must be called on the browser process UI thread unless otherwise
-// indicated.
+// values are in density independent pixel (DIP) coordinates unless otherwise
+// indicated. Methods must be called on the browser process UI thread unless
+// otherwise indicated.
 ///
 /*--cef(source=library)--*/
 class CefDisplay : public CefBaseRefCounted {
@@ -61,8 +61,7 @@ class CefDisplay : public CefBaseRefCounted {
 
   ///
   // Returns the Display nearest |point|. Set |input_pixel_coords| to true if
-  // |point| is in pixel coordinates instead of density independent pixels
-  // (DIP).
+  // |point| is in pixel screen coordinates instead of DIP screen coordinates.
   ///
   /*--cef()--*/
   static CefRefPtr<CefDisplay> GetDisplayNearestPoint(const CefPoint& point,
@@ -70,8 +69,8 @@ class CefDisplay : public CefBaseRefCounted {
 
   ///
   // Returns the Display that most closely intersects |bounds|.  Set
-  // |input_pixel_coords| to true if |bounds| is in pixel coordinates instead of
-  // density independent pixels (DIP).
+  // |input_pixel_coords| to true if |bounds| is in pixel screen coordinates
+  // instead of DIP screen coordinates.
   ///
   /*--cef()--*/
   static CefRefPtr<CefDisplay> GetDisplayMatchingBounds(
@@ -108,28 +107,29 @@ class CefDisplay : public CefBaseRefCounted {
   virtual float GetDeviceScaleFactor() = 0;
 
   ///
-  // Convert |point| from density independent pixels (DIP) to pixel coordinates
-  // using this Display's device scale factor.
+  // Convert |point| from DIP coordinates to pixel coordinates using this
+  // Display's device scale factor.
   ///
   /*--cef()--*/
   virtual void ConvertPointToPixels(CefPoint& point) = 0;
 
   ///
-  // Convert |point| from pixel coordinates to density independent pixels (DIP)
-  // using this Display's device scale factor.
+  // Convert |point| from pixel coordinates to DIP coordinates using this
+  // Display's device scale factor.
   ///
   /*--cef()--*/
   virtual void ConvertPointFromPixels(CefPoint& point) = 0;
 
   ///
-  // Returns this Display's bounds. This is the full size of the display.
+  // Returns this Display's bounds in DIP screen coordinates. This is the full
+  // size of the display.
   ///
   /*--cef()--*/
   virtual CefRect GetBounds() = 0;
 
   ///
-  // Returns this Display's work area. This excludes areas of the display that
-  // are occupied for window manager toolbars, etc.
+  // Returns this Display's work area in DIP screen coordinates. This excludes
+  // areas of the display that are occupied with window manager toolbars, etc.
   ///
   /*--cef()--*/
   virtual CefRect GetWorkArea() = 0;

include/views/cef_view.h

@@ -174,71 +174,79 @@ class CefView : public CefBaseRefCounted {
   virtual CefRefPtr<CefView> GetViewForID(int id) = 0;
 
   ///
-  // Sets the bounds (size and position) of this View. Position is in parent
-  // coordinates.
+  // Sets the bounds (size and position) of this View. |bounds| is in parent
+  // coordinates, or DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual void SetBounds(const CefRect& bounds) = 0;
 
   ///
-  // Returns the bounds (size and position) of this View. Position is in parent
-  // coordinates.
+  // Returns the bounds (size and position) of this View in parent coordinates,
+  // or DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual CefRect GetBounds() = 0;
 
   ///
-  // Returns the bounds (size and position) of this View. Position is in screen
+  // Returns the bounds (size and position) of this View in DIP screen
   // coordinates.
   ///
   /*--cef()--*/
   virtual CefRect GetBoundsInScreen() = 0;
 
   ///
-  // Sets the size of this View without changing the position.
+  // Sets the size of this View without changing the position. |size| in
+  // parent coordinates, or DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual void SetSize(const CefSize& size) = 0;
 
   ///
-  // Returns the size of this View.
+  // Returns the size of this View in parent coordinates, or DIP screen
+  // coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual CefSize GetSize() = 0;
 
   ///
   // Sets the position of this View without changing the size. |position| is in
-  // parent coordinates.
+  // parent coordinates, or DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual void SetPosition(const CefPoint& position) = 0;
 
   ///
-  // Returns the position of this View. Position is in parent coordinates.
+  // Returns the position of this View. Position is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual CefPoint GetPosition() = 0;
 
   ///
   // Returns the size this View would like to be if enough space is available.
+  // Size is in parent coordinates, or DIP screen coordinates if there is no
+  // parent.
   ///
   /*--cef()--*/
   virtual CefSize GetPreferredSize() = 0;
 
   ///
-  // Size this View to its preferred size.
+  // Size this View to its preferred size. Size is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual void SizeToPreferredSize() = 0;
 
   ///
-  // Returns the minimum size for this View.
+  // Returns the minimum size for this View. Size is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual CefSize GetMinimumSize() = 0;
 
   ///
-  // Returns the maximum size for this View.
+  // Returns the maximum size for this View. Size is in parent coordinates, or
+  // DIP screen coordinates if there is no parent.
   ///
   /*--cef()--*/
   virtual CefSize GetMaximumSize() = 0;
@@ -345,9 +353,9 @@ class CefView : public CefBaseRefCounted {
   virtual cef_color_t GetBackgroundColor() = 0;
 
   ///
-  // Convert |point| from this View's coordinate system to that of the screen.
-  // This View must belong to a Window when calling this method. Returns true
-  // if the conversion is successful or false otherwise. Use
+  // Convert |point| from this View's coordinate system to DIP screen
+  // coordinates. This View must belong to a Window when calling this method.
+  // Returns true if the conversion is successful or false otherwise. Use
   // CefDisplay::ConvertPointToPixels() after calling this method if further
   // conversion to display-specific pixel coordinates is desired.
   ///
@@ -355,9 +363,9 @@ class CefView : public CefBaseRefCounted {
   virtual bool ConvertPointToScreen(CefPoint& point) = 0;
 
   ///
-  // Convert |point| to this View's coordinate system from that of the screen.
-  // This View must belong to a Window when calling this method. Returns true if
-  // the conversion is successful or false otherwise. Use
+  // Convert |point| to this View's coordinate system from DIP screen
+  // coordinates. This View must belong to a Window when calling this method.
+  // Returns true if the conversion is successful or false otherwise. Use
   // CefDisplay::ConvertPointFromPixels() before calling this method if
   // conversion from display-specific pixel coordinates is necessary.
   ///

include/views/cef_window_delegate.h

@@ -79,10 +79,12 @@ class CefWindowDelegate : public CefPanelDelegate {
   }
 
   ///
-  // Return the initial bounds for |window| in screen coordinates. If this
-  // method returns an empty CefRect then GetPreferredSize() will be called to
-  // retrieve the size, and the window will be placed on the default screen with
-  // origin (0,0).
+  // Return the initial bounds for |window| in density independent pixel (DIP)
+  // coordinates. If this method returns an empty CefRect then
+  // GetPreferredSize() will be called to retrieve the size, and the window will
+  // be placed on the screen with origin (0,0). This method can be used in
+  // combination with CefView::GetBoundsInScreen() to restore the previous
+  // window bounds.
   ///
   /*--cef()--*/
   virtual CefRect GetInitialBounds(CefRefPtr<CefWindow> window) {

libcef/browser/alloy/alloy_browser_context.cc

@@ -21,6 +21,7 @@
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "chrome/browser/font_family_cache.h"
+#include "chrome/browser/media/media_device_id_salt.h"
 #include "chrome/browser/plugins/chrome_plugin_service_filter.h"
 #include "chrome/browser/profiles/profile_key.h"
 #include "chrome/browser/ui/zoom/chrome_zoom_level_prefs.h"
@@ -168,6 +169,8 @@ void AlloyBrowserContext::Initialize() {
     extension_system_->Init();
 
   ChromePluginServiceFilter::GetInstance()->RegisterProfile(this);
+
+  media_device_id_salt_ = new MediaDeviceIDSalt(pref_service);
 }
 
 void AlloyBrowserContext::Shutdown() {
@@ -397,6 +400,10 @@ AlloyBrowserContext::GetBrowsingDataRemoverDelegate() {
   return nullptr;
 }
 
+std::string AlloyBrowserContext::GetMediaDeviceIDSalt() {
+  return media_device_id_salt_->GetSalt();
+}
+
 PrefService* AlloyBrowserContext::GetPrefs() {
   return pref_service_.get();
 }

libcef/browser/alloy/alloy_browser_context.h

@@ -18,6 +18,7 @@
 class CefDownloadManagerDelegate;
 class CefSSLHostStateDelegate;
 class CefVisitedLinkListener;
+class MediaDeviceIDSalt;
 class PrefService;
 
 namespace extensions {
@@ -80,6 +81,7 @@ class AlloyBrowserContext : public ChromeProfileAlloy,
   content::BackgroundSyncController* GetBackgroundSyncController() override;
   content::BrowsingDataRemoverDelegate* GetBrowsingDataRemoverDelegate()
       override;
+  std::string GetMediaDeviceIDSalt() override;
 
   // Profile overrides.
   ChromeZoomLevelPrefs* GetZoomLevelPrefs() override;
@@ -103,7 +105,7 @@ class AlloyBrowserContext : public ChromeProfileAlloy,
     return !!settings_.persist_session_cookies;
   }
   base::Optional<std::vector<std::string>> GetCookieableSchemes() override {
-    return cookieable_schemes_;
+    return cookieable_schemes();
   }
 
   // visitedlink::VisitedLinkDelegate methods.
@@ -140,6 +142,8 @@ class AlloyBrowserContext : public ChromeProfileAlloy,
 
   std::unique_ptr<content::ResourceContext> resource_context_;
 
+  scoped_refptr<MediaDeviceIDSalt> media_device_id_salt_;
+
   DISALLOW_COPY_AND_ASSIGN(AlloyBrowserContext);
 };
 

libcef/browser/alloy/alloy_content_browser_client.cc

@@ -51,6 +51,7 @@
 #include "cef/grit/cef_resources.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_content_browser_client.h"
+#include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/browser/net/system_network_context_manager.h"
 #include "chrome/browser/plugins/plugin_info_host_impl.h"
 #include "chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.h"
@@ -69,6 +70,7 @@
 #include "chrome/grit/browser_resources.h"
 #include "chrome/grit/generated_resources.h"
 #include "chrome/services/printing/printing_service.h"
+#include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/navigation_interception/intercept_navigation_throttle.h"
 #include "components/navigation_interception/navigation_params.h"
 #include "components/spellcheck/common/spellcheck.mojom.h"
@@ -1042,6 +1044,13 @@ void AlloyContentBrowserClient::OverrideWebkitPrefs(
   }
 }
 
+bool AlloyContentBrowserClient::OverrideWebPreferencesAfterNavigation(
+    content::WebContents* web_contents,
+    content::WebPreferences* prefs) {
+  return renderer_prefs::PopulateWebPreferencesAfterNavigation(web_contents,
+                                                               *prefs);
+}
+
 void AlloyContentBrowserClient::BrowserURLHandlerCreated(
     content::BrowserURLHandler* handler) {
   scheme::BrowserURLHandlerCreated(handler);
@@ -1462,6 +1471,17 @@ AlloyContentBrowserClient::GetPluginMimeTypesWithExternalHandlers(
   return mime_types;
 }
 
+bool AlloyContentBrowserClient::ArePersistentMediaDeviceIDsAllowed(
+    content::BrowserContext* browser_context,
+    const GURL& url,
+    const GURL& site_for_cookies,
+    const base::Optional<url::Origin>& top_frame_origin) {
+  // Persistent MediaDevice IDs are allowed if cookies are allowed.
+  return CookieSettingsFactory::GetForProfile(
+             Profile::FromBrowserContext(browser_context))
+      ->IsCookieAccessAllowed(url, site_for_cookies, top_frame_origin);
+}
+
 bool AlloyContentBrowserClient::ShouldAllowPluginCreation(
     const url::Origin& embedder_origin,
     const content::PepperPluginInfo& plugin_info) {

libcef/browser/alloy/alloy_content_browser_client.h

@@ -103,6 +103,9 @@ class AlloyContentBrowserClient : public content::ContentBrowserClient {
                        bool* no_javascript_access) override;
   void OverrideWebkitPrefs(content::RenderViewHost* rvh,
                            content::WebPreferences* prefs) override;
+  bool OverrideWebPreferencesAfterNavigation(
+      content::WebContents* web_contents,
+      content::WebPreferences* prefs) override;
   void BrowserURLHandlerCreated(content::BrowserURLHandler* handler) override;
   std::string GetDefaultDownloadName() override;
   void DidCreatePpapiPlugin(content::BrowserPpapiHost* browser_host) override;
@@ -206,6 +209,11 @@ class AlloyContentBrowserClient : public content::ContentBrowserClient {
   blink::UserAgentMetadata GetUserAgentMetadata() override;
   base::flat_set<std::string> GetPluginMimeTypesWithExternalHandlers(
       content::BrowserContext* browser_context) override;
+  bool ArePersistentMediaDeviceIDsAllowed(
+      content::BrowserContext* browser_context,
+      const GURL& scope,
+      const GURL& site_for_cookies,
+      const base::Optional<url::Origin>& top_frame_origin) override;
   bool ShouldAllowPluginCreation(
       const url::Origin& embedder_origin,
       const content::PepperPluginInfo& plugin_info) override;

libcef/browser/browser_context.h

@@ -196,10 +196,11 @@ class CefBrowserContext {
 
   CefMediaRouterManager* GetMediaRouterManager();
 
-  void set_cookieable_schemes(
-      base::Optional<std::vector<std::string>> schemes) {
+  using CookieableSchemes = base::Optional<std::vector<std::string>>;
+  void set_cookieable_schemes(const CookieableSchemes& schemes) {
     cookieable_schemes_ = schemes;
   }
+  CookieableSchemes cookieable_schemes() const { return cookieable_schemes_; }
 
   // These accessors are safe to call from any thread because the values don't
   // change during this object's lifespan.
@@ -227,10 +228,9 @@ class CefBrowserContext {
   const CefRequestContextSettings settings_;
   base::FilePath cache_path_;
 
-  base::Optional<std::vector<std::string>> cookieable_schemes_;
-
  private:
   std::unique_ptr<CefIOThreadState> iothread_state_;
+  CookieableSchemes cookieable_schemes_;
   std::unique_ptr<CefMediaRouterManager> media_router_manager_;
 
   // CefRequestContextImpl objects referencing this object.

libcef/browser/native/browser_platform_delegate_native.h

@@ -62,7 +62,6 @@ class CefBrowserPlatformDelegateNative
   void set_windowless_handler(WindowlessHandler* handler) {
     windowless_handler_ = handler;
   }
-  void set_browser(CefBrowserHostImpl* browser) { browser_ = browser; }
 
   CefWindowInfo window_info_;
   const SkColor background_color_;

libcef/browser/native/browser_platform_delegate_native_aura.cc

@@ -225,6 +225,8 @@ int CefBrowserPlatformDelegateNativeAura::TranslateUiChangedButtonFlags(
 
 content::RenderWidgetHostViewAura*
 CefBrowserPlatformDelegateNativeAura::GetHostView() const {
+  if (!web_contents_)
+    return nullptr;
   return static_cast<content::RenderWidgetHostViewAura*>(
       web_contents_->GetRenderWidgetHostView());
 }

libcef/browser/net_service/cookie_helper.cc

@@ -17,6 +17,7 @@
 #include "services/network/public/cpp/resource_request.h"
 
 namespace net_service {
+namespace cookie_helper {
 
 namespace {
 
@@ -137,6 +138,28 @@ void SaveCookiesOnUIThread(content::BrowserContext* browser_context,
 
 }  // namespace
 
+bool IsCookieableScheme(
+    const GURL& url,
+    const base::Optional<std::vector<std::string>>& cookieable_schemes) {
+  if (!url.has_scheme())
+    return false;
+
+  if (cookieable_schemes) {
+    // The client has explicitly registered the full set of schemes that should
+    // be supported.
+    const auto url_scheme = url.scheme_piece();
+    for (auto scheme : *cookieable_schemes) {
+      if (url_scheme == scheme)
+        return true;
+    }
+    return false;
+  }
+
+  // Schemes that support cookies by default.
+  // This should match CookieMonster::kDefaultCookieableSchemes.
+  return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsWSOrWSS();
+}
+
 void LoadCookies(content::BrowserContext* browser_context,
                  const network::ResourceRequest& request,
                  const AllowCookieCallback& allow_cookie_callback,
@@ -228,4 +251,5 @@ void SaveCookies(content::BrowserContext* browser_context,
   }
 }
 
+}  // namespace cookie_helper
 }  // namespace net_service

libcef/browser/net_service/cookie_helper.h

@@ -21,6 +21,14 @@ struct ResourceRequest;
 }  // namespace network
 
 namespace net_service {
+namespace cookie_helper {
+
+// Returns true if the scheme for |url| supports cookies. |cookieable_schemes|
+// is the optional list of schemes that the client has explicitly registered as
+// cookieable, which may intentionally exclude standard schemes.
+bool IsCookieableScheme(
+    const GURL& url,
+    const base::Optional<std::vector<std::string>>& cookieable_schemes);
 
 using AllowCookieCallback =
     base::Callback<void(const net::CanonicalCookie&, bool* /* allow */)>;
@@ -52,6 +60,7 @@ void SaveCookies(content::BrowserContext* browser_context,
                  const AllowCookieCallback& allow_cookie_callback,
                  DoneCookieCallback done_callback);
 
+}  // namespace cookie_helper
 }  // namespace net_service
 
 #endif  // CEF_LIBCEF_BROWSER_NET_SERVICE_COOKIE_HELPER_H_

libcef/browser/net_service/proxy_url_loader_factory.cc

@@ -20,6 +20,7 @@
 #include "content/public/browser/web_contents.h"
 #include "mojo/public/cpp/base/big_buffer.h"
 #include "net/http/http_status_code.h"
+#include "net/url_request/redirect_util.h"
 #include "net/url_request/url_request.h"
 #include "services/network/public/cpp/cors/cors.h"
 #include "services/network/public/cpp/features.h"
@@ -130,6 +131,43 @@ class ResourceContextData : public base::SupportsUserData::Data {
   DISALLOW_COPY_AND_ASSIGN(ResourceContextData);
 };
 
+// CORS preflight requests are handled in the network process, so we just need
+// to continue all of the callbacks and then delete ourself.
+class CorsPreflightRequest : public network::mojom::TrustedHeaderClient {
+ public:
+  explicit CorsPreflightRequest(
+      mojo::PendingReceiver<network::mojom::TrustedHeaderClient> receiver)
+      : weak_factory_(this) {
+    header_client_receiver_.Bind(std::move(receiver));
+
+    header_client_receiver_.set_disconnect_handler(base::BindOnce(
+        &CorsPreflightRequest::OnDestroy, weak_factory_.GetWeakPtr()));
+  }
+
+  // mojom::TrustedHeaderClient methods:
+  void OnBeforeSendHeaders(const net::HttpRequestHeaders& headers,
+                           OnBeforeSendHeadersCallback callback) override {
+    std::move(callback).Run(net::OK, base::nullopt);
+  }
+
+  void OnHeadersReceived(const std::string& headers,
+                         const net::IPEndPoint& remote_endpoint,
+                         OnHeadersReceivedCallback callback) override {
+    std::move(callback).Run(net::OK, base::nullopt, GURL());
+    OnDestroy();
+  }
+
+ private:
+  void OnDestroy() { delete this; }
+
+  mojo::Receiver<network::mojom::TrustedHeaderClient> header_client_receiver_{
+      this};
+
+  base::WeakPtrFactory<CorsPreflightRequest> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(CorsPreflightRequest);
+};
+
 //==============================
 // InterceptedRequest
 //=============================
@@ -884,37 +922,46 @@ void InterceptedRequest::ContinueToBeforeRedirect(
   if (proxied_client_binding_)
     proxied_client_binding_.ResumeIncomingMethodCallProcessing();
 
+  const auto original_url = request_.url;
+  const auto original_method = request_.method;
+
+  net::RedirectInfo new_redirect_info = redirect_info;
   if (redirect_url.is_valid()) {
-    net::RedirectInfo new_redirect_info = redirect_info;
     new_redirect_info.new_url = redirect_url;
-    target_client_->OnReceiveRedirect(new_redirect_info,
-                                      std::move(current_response_));
-    request_.url = redirect_url;
-  } else {
-    target_client_->OnReceiveRedirect(redirect_info,
-                                      std::move(current_response_));
-    request_.url = redirect_info.new_url;
+    new_redirect_info.new_site_for_cookies =
+        net::SiteForCookies::FromUrl(redirect_url);
   }
 
-  // If request_ changes from POST to GET, strip POST headers.
-  const bool post_to_get =
-      request_.method == "POST" &&
-      redirect_info.new_method == net::HttpRequestHeaders::kGetMethod;
+  target_client_->OnReceiveRedirect(new_redirect_info,
+                                    std::move(current_response_));
 
-  request_.method = redirect_info.new_method;
-  request_.site_for_cookies = redirect_info.new_site_for_cookies;
-  request_.referrer = GURL(redirect_info.new_referrer);
-  request_.referrer_policy = redirect_info.new_referrer_policy;
+  request_.url = new_redirect_info.new_url;
+  request_.method = new_redirect_info.new_method;
+  request_.site_for_cookies = new_redirect_info.new_site_for_cookies;
+  request_.referrer = GURL(new_redirect_info.new_referrer);
+  request_.referrer_policy = new_redirect_info.new_referrer_policy;
 
-  // The request method can be changed to "GET". In this case we need to
-  // reset the request body manually, and strip the POST headers.
-  if (request_.method == net::HttpRequestHeaders::kGetMethod) {
+  if (request_.trusted_params) {
+    request_.trusted_params->isolation_info =
+        request_.trusted_params->isolation_info.CreateForRedirect(
+            url::Origin::Create(request_.url));
+  }
+
+  // Remove existing Cookie headers. They may be re-added after Restart().
+  const std::vector<std::string> remove_headers{
+      net::HttpRequestHeaders::kCookie};
+
+  // Use common logic for sanitizing request headers including Origin and
+  // Content-*.
+  bool should_clear_upload;
+  net::RedirectUtil::UpdateHttpRequest(original_url, original_method,
+                                       new_redirect_info,
+                                       base::make_optional(remove_headers),
+                                       /*modified_headers=*/base::nullopt,
+                                       &request_.headers, &should_clear_upload);
+
+  if (should_clear_upload) {
     request_.request_body = nullptr;
-
-    if (post_to_get) {
-      request_.headers.RemoveHeader(net::HttpRequestHeaders::kContentLength);
-      request_.headers.RemoveHeader(net::HttpRequestHeaders::kContentType);
-    }
   }
 }
 
@@ -1292,10 +1339,10 @@ void ProxyURLLoaderFactory::OnLoaderCreated(
 }
 
 void ProxyURLLoaderFactory::OnLoaderForCorsPreflightCreated(
-    const ::network::ResourceRequest& request,
-    mojo::PendingReceiver<network::mojom::TrustedHeaderClient> header_client) {
+    const network::ResourceRequest& request,
+    mojo::PendingReceiver<network::mojom::TrustedHeaderClient> receiver) {
   CEF_REQUIRE_IOT();
-  // TODO(cef): Should we do something here?
+  new CorsPreflightRequest(std::move(receiver));
 }
 
 void ProxyURLLoaderFactory::OnTargetFactoryError() {

libcef/browser/net_service/proxy_url_loader_factory.h

@@ -168,8 +168,8 @@ class ProxyURLLoaderFactory
       mojo::PendingReceiver<network::mojom::TrustedHeaderClient> receiver)
       override;
   void OnLoaderForCorsPreflightCreated(
-      const ::network::ResourceRequest& request,
-      mojo::PendingReceiver<network::mojom::TrustedHeaderClient> header_client)
+      const network::ResourceRequest& request,
+      mojo::PendingReceiver<network::mojom::TrustedHeaderClient> receiver)
       override;
 
  private:

libcef/browser/net_service/resource_request_handler_wrapper.cc

@@ -264,6 +264,7 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
           CefBrowserContext::FromBrowserContext(browser_context);
       iothread_state_ = cef_browser_context->iothread_state();
       DCHECK(iothread_state_);
+      cookieable_schemes_ = cef_browser_context->cookieable_schemes();
 
       // We register to be notified of CEF context or browser destruction so
       // that we can stop accepting new requests and cancel pending/in-progress
@@ -312,6 +313,7 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
     CefRefPtr<CefBrowserHostImpl> browser_;
     CefRefPtr<CefFrame> frame_;
     CefIOThreadState* iothread_state_ = nullptr;
+    CefBrowserContext::CookieableSchemes cookieable_schemes_;
     int render_process_id_ = 0;
     int render_frame_id_ = -1;
     int frame_tree_node_id_ = -1;
@@ -487,6 +489,13 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
                         base::OnceClosure callback) {
     CEF_REQUIRE_IOT();
 
+    if (!cookie_helper::IsCookieableScheme(request->url,
+                                           init_state_->cookieable_schemes_)) {
+      // The scheme does not support cookies.
+      std::move(callback).Run();
+      return;
+    }
+
     // We need to load/save cookies ourselves for custom-handled requests, or
     // if we're using a cookie filter.
     auto allow_cookie_callback =
@@ -499,9 +508,9 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
     auto done_cookie_callback = base::BindOnce(
         &InterceptedRequestHandlerWrapper::ContinueWithLoadedCookies,
         weak_ptr_factory_.GetWeakPtr(), id, request, std::move(callback));
-    net_service::LoadCookies(init_state_->browser_context_, *request,
-                             allow_cookie_callback,
-                             std::move(done_cookie_callback));
+    cookie_helper::LoadCookies(init_state_->browser_context_, *request,
+                               allow_cookie_callback,
+                               std::move(done_cookie_callback));
   }
 
   static void AllowCookieAlways(const net::CanonicalCookie& cookie,
@@ -850,6 +859,13 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
       return;
     }
 
+    if (!cookie_helper::IsCookieableScheme(request->url,
+                                           init_state_->cookieable_schemes_)) {
+      // The scheme does not support cookies.
+      std::move(callback).Run();
+      return;
+    }
+
     // We need to load/save cookies ourselves for custom-handled requests, or
     // if we're using a cookie filter.
     auto allow_cookie_callback =
@@ -862,9 +878,9 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
     auto done_cookie_callback = base::BindOnce(
         &InterceptedRequestHandlerWrapper::ContinueWithSavedCookies,
         weak_ptr_factory_.GetWeakPtr(), id, std::move(callback));
-    net_service::SaveCookies(init_state_->browser_context_, *request, headers,
-                             allow_cookie_callback,
-                             std::move(done_cookie_callback));
+    cookie_helper::SaveCookies(init_state_->browser_context_, *request, headers,
+                               allow_cookie_callback,
+                               std::move(done_cookie_callback));
   }
 
   void AllowCookieSave(const RequestId& id,

libcef/browser/prefs/browser_prefs.cc

@@ -18,6 +18,7 @@
 #include "base/values.h"
 #include "chrome/browser/accessibility/accessibility_ui.h"
 #include "chrome/browser/download/download_prefs.h"
+#include "chrome/browser/media/media_device_id_salt.h"
 #include "chrome/browser/media/router/media_router_feature.h"
 #include "chrome/browser/net/prediction_options.h"
 #include "chrome/browser/net/profile_network_context_service.h"
@@ -230,6 +231,7 @@ std::unique_ptr<PrefService> CreatePrefService(Profile* profile,
     HostContentSettingsMap::RegisterProfilePrefs(registry.get());
     language::LanguagePrefs::RegisterProfilePrefs(registry.get());
     media_router::RegisterProfilePrefs(registry.get());
+    MediaDeviceIDSalt::RegisterProfilePrefs(registry.get());
     ProfileNetworkContextService::RegisterProfilePrefs(registry.get());
 
     const std::string& locale =

libcef/browser/prefs/renderer_prefs.cc

@@ -21,6 +21,7 @@
 #include "chrome/browser/font_family_cache.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/prefs/prefs_tab_helper.h"
+#include "chrome/common/chrome_features.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "components/pref_registry/pref_registry_syncable.h"
@@ -31,12 +32,14 @@
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/url_constants.h"
 #include "content/public/common/web_preferences.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/view_type_utils.h"
 #include "extensions/common/constants.h"
 #include "media/media_buildflags.h"
 #include "third_party/blink/public/common/peerconnection/webrtc_ip_handling_policy.h"
+#include "ui/native_theme/native_theme.h"
 
 namespace renderer_prefs {
 
@@ -273,6 +276,25 @@ void SetBool(CommandLinePrefStore* prefs, const std::string& key, bool value) {
                   WriteablePrefStore::DEFAULT_PREF_WRITE_FLAGS);
 }
 
+// From chrome/browser/chrome_content_browser_client.cc
+bool UpdatePreferredColorSchemesBasedOnURLIfNeeded(
+    content::WebPreferences* web_prefs,
+    const GURL& url) {
+  // Force a light preferred color scheme on certain URLs if kWebUIDarkMode is
+  // disabled; some of the UI is not yet correctly themed.
+  if (base::FeatureList::IsEnabled(features::kWebUIDarkMode))
+    return false;
+  bool force_light = url.SchemeIs(content::kChromeUIScheme);
+  if (!force_light && extensions::ExtensionsEnabled()) {
+    force_light = url.SchemeIs(extensions::kExtensionScheme) &&
+                  url.host_piece() == extension_misc::kPdfExtensionId;
+  }
+  auto old_preferred_color_scheme = web_prefs->preferred_color_scheme;
+  if (force_light)
+    web_prefs->preferred_color_scheme = blink::PreferredColorScheme::kLight;
+  return old_preferred_color_scheme != web_prefs->preferred_color_scheme;
+}
+
 }  // namespace
 
 void SetCommandLinePrefDefaults(CommandLinePrefStore* prefs) {
@@ -304,6 +326,8 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry,
       prefs::kEnableDoNotTrack, false,
       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
   registry->RegisterBooleanPref(prefs::kCaretBrowsingEnabled, false);
+  registry->RegisterBooleanPref(prefs::kCloudPrintDeprecationWarningsSuppressed,
+                                false);
 
   // TODO(guoweis): Remove next 2 options at M50.
   registry->RegisterBooleanPref(prefs::kWebRTCMultipleRoutesEnabled, true);
@@ -340,6 +364,19 @@ void PopulateWebPreferences(content::RenderViewHost* rvh,
     SetChromePrefs(profile, web);
   }
 
+  auto* native_theme = ui::NativeTheme::GetInstanceForWeb();
+  switch (native_theme->GetPreferredColorScheme()) {
+    case ui::NativeTheme::PreferredColorScheme::kDark:
+      web.preferred_color_scheme = blink::PreferredColorScheme::kDark;
+      break;
+    case ui::NativeTheme::PreferredColorScheme::kLight:
+      web.preferred_color_scheme = blink::PreferredColorScheme::kLight;
+      break;
+  }
+
+  UpdatePreferredColorSchemesBasedOnURLIfNeeded(
+      &web, rvh->GetSiteInstance()->GetSiteURL());
+
   // Set preferences based on the extension.
   SetExtensionPrefs(rvh, web);
 
@@ -359,4 +396,10 @@ void PopulateWebPreferences(content::RenderViewHost* rvh,
   }
 }
 
+bool PopulateWebPreferencesAfterNavigation(content::WebContents* web_contents,
+                                           content::WebPreferences& web) {
+  return UpdatePreferredColorSchemesBasedOnURLIfNeeded(
+      &web, web_contents->GetLastCommittedURL());
+}
+
 }  // namespace renderer_prefs

libcef/browser/prefs/renderer_prefs.h

@@ -12,6 +12,7 @@ class CommandLinePrefStore;
 
 namespace content {
 class RenderViewHost;
+class WebContents;
 struct WebPreferences;
 }  // namespace content
 
@@ -34,6 +35,8 @@ void SetCommandLinePrefDefaults(CommandLinePrefStore* prefs);
 // PrefService and CefBrowserSettings.
 void PopulateWebPreferences(content::RenderViewHost* rvh,
                             content::WebPreferences& web);
+bool PopulateWebPreferencesAfterNavigation(content::WebContents* web_contents,
+                                           content::WebPreferences& web);
 
 }  // namespace renderer_prefs
 

libcef/browser/views/browser_platform_delegate_views.cc

@@ -69,15 +69,21 @@ void CefBrowserPlatformDelegateViews::WebContentsCreated(
     content::WebContents* web_contents,
     bool owned) {
   CefBrowserPlatformDelegateAlloy::WebContentsCreated(web_contents, owned);
-
+  native_delegate_->WebContentsCreated(web_contents, /*owned=*/false);
   browser_view_->WebContentsCreated(web_contents);
 }
 
+void CefBrowserPlatformDelegateViews::WebContentsDestroyed(
+    content::WebContents* web_contents) {
+  CefBrowserPlatformDelegateAlloy::WebContentsDestroyed(web_contents);
+  native_delegate_->WebContentsDestroyed(web_contents);
+}
+
 void CefBrowserPlatformDelegateViews::BrowserCreated(
     CefBrowserHostImpl* browser) {
   CefBrowserPlatformDelegateAlloy::BrowserCreated(browser);
 
-  native_delegate_->set_browser(browser);
+  native_delegate_->BrowserCreated(browser);
   browser_view_->BrowserCreated(browser, GetBoundsChangedCallback());
 }
 
@@ -99,9 +105,9 @@ void CefBrowserPlatformDelegateViews::BrowserDestroyed(
     CefBrowserHostImpl* browser) {
   CefBrowserPlatformDelegateAlloy::BrowserDestroyed(browser);
 
-  native_delegate_->set_browser(nullptr);
   browser_view_->BrowserDestroyed(browser);
   browser_view_ = nullptr;
+  native_delegate_->BrowserDestroyed(browser);
 }
 
 bool CefBrowserPlatformDelegateViews::CreateHostWindow() {

libcef/browser/views/browser_platform_delegate_views.h

@@ -23,6 +23,7 @@ class CefBrowserPlatformDelegateViews
   // CefBrowserPlatformDelegate methods:
   void WebContentsCreated(content::WebContents* web_contents,
                           bool owned) override;
+  void WebContentsDestroyed(content::WebContents* web_contents) override;
   void BrowserCreated(CefBrowserHostImpl* browser) override;
   void NotifyBrowserCreated() override;
   void NotifyBrowserDestroyed() override;

libcef_dll/sandbox/sandbox_win.cc

@@ -6,6 +6,7 @@
 #include "sandbox/win/src/process_mitigations.h"
 #include "sandbox/win/src/sandbox_factory.h"
 
+#include "cef/libcef/features/features.h"
 #include "include/cef_sandbox_win.h"
 
 namespace {
@@ -39,6 +40,7 @@ void cef_sandbox_info_destroy(void* sandbox_info) {
   delete static_cast<sandbox::SandboxInterfaceInfo*>(sandbox_info);
 }
 
+#if BUILDFLAG(IS_CEF_SANDBOX_BUILD)
 // Implementation from third_party/abseil-cpp/absl/types/bad_variant_access.cc
 // to avoid bringing in absl dependencies.
 namespace absl {
@@ -48,3 +50,4 @@ void ThrowBadVariantAccess() {
 }
 }  // namespace variant_internal
 }  // namespace absl
+#endif  // BUILDFLAG(IS_CEF_SANDBOX_BUILD)

patch/patch.cfg

@@ -107,7 +107,10 @@ patches = [
     #
     # Support configuration of RWHVGuest device scale factor.
     # https://bitbucket.org/chromiumembedded/cef/issues/2078
-    'name': 'views_widget_180_1481_1565_1677_1749',
+    #
+    # Windows: Fix focus assignment when clicking WebView with external parent.
+    # https://bitbucket.org/chromiumembedded/cef/issues/3031
+    'name': 'views_widget',
   },
   {
     # Allow specification of a custom WebContentsView.
@@ -253,7 +256,7 @@ patches = [
     'name': 'chrome_browser_product_override',
   },
   {
-    # Fix Jumbo/component build dependency issue.
+    # Fix build dependency issues.
     'name': 'chrome_browser_safe_browsing',
   },
   {
@@ -354,11 +357,6 @@ patches = [
     # https://bitbucket.org/chromiumembedded/cef/issues/2274
     'name': 'win_rt_2274',
   },
-  {
-    # Fix DCHECK running OSRTest.DragDropUpdateCursor.
-    # https://bugs.chromium.org/p/chromium/issues/detail?id=781966
-    'name': 'webkit_pointer_event_781966',
-  },
   {
     # macOS: Fix undesirable switch to discrete GPU during startup.
     # https://bitbucket.org/chromiumembedded/cef/issues/2398
@@ -512,11 +510,6 @@ patches = [
     # https://bugs.chromium.org/p/chromium/issues/detail?id=1100085
     'name': 'chrome_browser_background_mode_1100085',
   },
-  {
-    # Windows: Fix flickering issue with GPU rendering.
-    # https://bugs.chromium.org/p/chromium/issues/detail?id=1123950
-    'name': 'ui_gl_utils_1123950',
-  },
   {
     # Windows: Fix cef_sandbox compile error due to missing include.
     # Fixed by the below change in more recent Chromium versions.

patch/patches/build.patch

@@ -1,8 +1,8 @@
 diff --git build/config/compiler/BUILD.gn build/config/compiler/BUILD.gn
-index 8166e38ceda5..178099b1ac62 100644
+index bafffe27168d..9ab64460ae3c 100644
 --- build/config/compiler/BUILD.gn
 +++ build/config/compiler/BUILD.gn
-@@ -1767,8 +1767,6 @@ config("thin_archive") {
+@@ -1771,8 +1771,6 @@ config("thin_archive") {
    # archive names to 16 characters, which is not what we want).
    if ((is_posix && !is_nacl && !is_mac && !is_ios) || is_fuchsia) {
      arflags = [ "-T" ]

patch/patches/chrome_browser.patch

@@ -1,5 +1,5 @@
 diff --git chrome/browser/BUILD.gn chrome/browser/BUILD.gn
-index 6cb9ee1f0764..8109a134907e 100644
+index 98ae3acaf7cf..f9a7ec7f44b4 100644
 --- chrome/browser/BUILD.gn
 +++ chrome/browser/BUILD.gn
 @@ -12,6 +12,7 @@ import("//build/config/crypto.gni")
@@ -29,7 +29,7 @@ index 6cb9ee1f0764..8109a134907e 100644
    if (is_android) {
      sources += [
        "after_startup_task_utils_android.cc",
-@@ -3422,8 +3428,6 @@ static_library("browser") {
+@@ -3424,8 +3430,6 @@ static_library("browser") {
        "nearby_sharing/outgoing_share_target_info.h",
        "nearby_sharing/paired_key_verification_runner.cc",
        "nearby_sharing/paired_key_verification_runner.h",
@@ -38,11 +38,13 @@ index 6cb9ee1f0764..8109a134907e 100644
        "nearby_sharing/share_target_discovered_callback.h",
        "nearby_sharing/share_target_info.cc",
        "nearby_sharing/share_target_info.h",
-@@ -3617,13 +3621,6 @@ static_library("browser") {
+@@ -3619,15 +3623,6 @@ static_library("browser") {
        "serial/serial_chooser_context_factory.cc",
        "serial/serial_chooser_context_factory.h",
        "serial/serial_chooser_histograms.h",
 -      "sharesheet/sharesheet_controller.h",
+-      "sharesheet/sharesheet_metrics.cc",
+-      "sharesheet/sharesheet_metrics.h",
 -      "sharesheet/sharesheet_service.cc",
 -      "sharesheet/sharesheet_service.h",
 -      "sharesheet/sharesheet_service_delegate.cc",

patch/patches/chrome_browser_net_export.patch

@@ -1,5 +1,5 @@
 diff --git chrome/browser/ui/BUILD.gn chrome/browser/ui/BUILD.gn
-index c7bd97a32af1..311f2c52af8d 100644
+index 15657bbf7f7b..398ef9bb6c50 100644
 --- chrome/browser/ui/BUILD.gn
 +++ chrome/browser/ui/BUILD.gn
 @@ -10,6 +10,7 @@ import("//build/config/crypto.gni")
@@ -37,7 +37,7 @@ index c7bd97a32af1..311f2c52af8d 100644
        "//components/profile_metrics",
        "//components/safety_check",
        "//components/search_provider_logos",
-@@ -3905,8 +3912,6 @@ static_library("ui") {
+@@ -3910,8 +3917,6 @@ static_library("ui") {
        "views/toolbar/home_button.h",
        "views/toolbar/reload_button.cc",
        "views/toolbar/reload_button.h",

patch/patches/chrome_browser_safe_browsing.patch

@@ -1,8 +1,16 @@
 diff --git chrome/browser/safe_browsing/BUILD.gn chrome/browser/safe_browsing/BUILD.gn
-index 7f54cacab005..b4f509b766ca 100644
+index 7f54cacab005..db469e514100 100644
 --- chrome/browser/safe_browsing/BUILD.gn
 +++ chrome/browser/safe_browsing/BUILD.gn
-@@ -251,6 +251,7 @@ static_library("safe_browsing") {
+@@ -17,6 +17,7 @@ static_library("safe_browsing") {
+ 
+   deps = [
+     "//chrome/app:generated_resources",
++    "//chrome/browser:ntp_background_proto",
+     "//chrome/common",
+     "//chrome/common:constants",
+     "//components/browser_sync",
+@@ -251,6 +252,7 @@ static_library("safe_browsing") {
          "//chrome/common/safe_browsing:download_type_util",
          "//chrome/services/file_util/public/cpp",
          "//components/content_settings/core/browser",

patch/patches/chrome_runtime.patch

@@ -1,5 +1,5 @@
 diff --git chrome/app/chrome_main_delegate.cc chrome/app/chrome_main_delegate.cc
-index 313975f42c0d..ee7f27dab6b7 100644
+index 3e8b70c47bd2..185f98eceb6c 100644
 --- chrome/app/chrome_main_delegate.cc
 +++ chrome/app/chrome_main_delegate.cc
 @@ -27,6 +27,7 @@
@@ -19,7 +19,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
  #if defined(OS_WIN)
    // Reach out to chrome_elf for the truth on the user data directory.
    // Note that in tests, this links to chrome_elf_test_stubs.
-@@ -624,7 +627,9 @@ void ChromeMainDelegate::PostFieldTrialInitialization() {
+@@ -630,7 +633,9 @@ void ChromeMainDelegate::PostFieldTrialInitialization() {
    }
  
  #if defined(OS_WIN)
@@ -29,7 +29,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
    base::sequence_manager::internal::ThreadControllerPowerMonitor::
        InitializeOnMainThread();
  #endif
-@@ -906,6 +911,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
+@@ -912,6 +917,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
    std::string process_type =
        command_line.GetSwitchValueASCII(switches::kProcessType);
  
@@ -37,7 +37,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
    crash_reporter::InitializeCrashKeys();
  
  #if defined(OS_POSIX)
-@@ -916,6 +922,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
+@@ -922,6 +928,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
    InitMacCrashReporter(command_line, process_type);
    SetUpInstallerPreferences(command_line);
  #endif
@@ -45,7 +45,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
  
  #if defined(OS_WIN)
    child_process_logging::Init();
-@@ -1040,6 +1047,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
+@@ -1046,6 +1053,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
          locale;
    }
  
@@ -53,7 +53,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
  #if defined(OS_POSIX) && !defined(OS_MAC)
    // Zygote needs to call InitCrashReporter() in RunZygote().
    if (process_type != service_manager::switches::kZygoteProcess) {
-@@ -1072,6 +1080,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
+@@ -1078,6 +1086,7 @@ void ChromeMainDelegate::PreSandboxStartup() {
    // After all the platform Breakpads have been initialized, store the command
    // line for crash reporting.
    crash_keys::SetCrashKeysFromCommandLine(command_line);
@@ -61,7 +61,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
  
  #if BUILDFLAG(ENABLE_PDF)
    MaybeInitializeGDI();
-@@ -1170,6 +1179,7 @@ void ChromeMainDelegate::ZygoteForked() {
+@@ -1176,6 +1185,7 @@ void ChromeMainDelegate::ZygoteForked() {
      SetUpProfilingShutdownHandler();
    }
  
@@ -69,7 +69,7 @@ index 313975f42c0d..ee7f27dab6b7 100644
    // Needs to be called after we have chrome::DIR_USER_DATA.  BrowserMain sets
    // this up for the browser process in a different manner.
    const base::CommandLine* command_line =
-@@ -1186,6 +1196,7 @@ void ChromeMainDelegate::ZygoteForked() {
+@@ -1192,6 +1202,7 @@ void ChromeMainDelegate::ZygoteForked() {
  
    // Reset the command line for the newly spawned process.
    crash_keys::SetCrashKeysFromCommandLine(*command_line);

patch/patches/content_2015.patch

@@ -340,7 +340,7 @@ index 5b0784c844bd..a7b6d3f3c237 100644
    // started.
    virtual void SetRuntimeFeaturesDefaultsBeforeBlinkInitialization() {}
 diff --git content/renderer/render_frame_impl.cc content/renderer/render_frame_impl.cc
-index 16a16b1f075d..94942f76489c 100644
+index c110db6a32bb..a823bbb57f89 100644
 --- content/renderer/render_frame_impl.cc
 +++ content/renderer/render_frame_impl.cc
 @@ -3853,7 +3853,8 @@ blink::WebPlugin* RenderFrameImpl::CreatePlugin(

patch/patches/prefs_content_1161.patch

@@ -1,5 +1,5 @@
 diff --git content/public/common/common_param_traits_macros.h content/public/common/common_param_traits_macros.h
-index 8e810871066b..107f15b92829 100644
+index 37807f0ad754..006f6e660243 100644
 --- content/public/common/common_param_traits_macros.h
 +++ content/public/common/common_param_traits_macros.h
 @@ -174,6 +174,7 @@ IPC_STRUCT_TRAITS_BEGIN(content::WebPreferences)
@@ -23,7 +23,7 @@ index 839e3cbde987..ef1b0d7be31f 100644
        record_whole_document(false),
        cookie_enabled(true),
 diff --git content/public/common/web_preferences.h content/public/common/web_preferences.h
-index 700b47b5f521..4cd1cdceaf42 100644
+index 9262a32ce209..b4c9e32b6e69 100644
 --- content/public/common/web_preferences.h
 +++ content/public/common/web_preferences.h
 @@ -179,6 +179,7 @@ struct CONTENT_EXPORT WebPreferences {
@@ -35,10 +35,10 @@ index 700b47b5f521..4cd1cdceaf42 100644
    bool record_whole_document;
  
 diff --git content/renderer/render_view_impl.cc content/renderer/render_view_impl.cc
-index 49619a9b5683..52e09111aad3 100644
+index 2852dec8eaf5..881c75a45b2b 100644
 --- content/renderer/render_view_impl.cc
 +++ content/renderer/render_view_impl.cc
-@@ -950,6 +950,8 @@ void RenderView::ApplyWebPreferences(const WebPreferences& prefs,
+@@ -951,6 +951,8 @@ void RenderView::ApplyWebPreferences(const WebPreferences& prefs,
  #endif
  
    WebRuntimeFeatures::EnableTranslateService(prefs.translate_service_available);

patch/patches/renderer_host_1070713.patch

@@ -1,8 +1,8 @@
 diff --git content/browser/renderer_host/render_view_host_impl.cc content/browser/renderer_host/render_view_host_impl.cc
-index 4f914119d21b..5be76fbbda36 100644
+index 3c75954bdcff..7c2c1909d22c 100644
 --- content/browser/renderer_host/render_view_host_impl.cc
 +++ content/browser/renderer_host/render_view_host_impl.cc
-@@ -522,6 +522,8 @@ bool RenderViewHostImpl::IsRenderViewLive() {
+@@ -521,6 +521,8 @@ bool RenderViewHostImpl::IsRenderViewLive() {
  }
  
  void RenderViewHostImpl::SetBackgroundOpaque(bool opaque) {

patch/patches/renderer_preferences_util_545103.patch

@@ -1,8 +1,8 @@
 diff --git chrome/browser/renderer_preferences_util.cc chrome/browser/renderer_preferences_util.cc
-index 0acace592ca4..66cc3c360b79 100644
+index 7ba5b3d1abfe..da7580782644 100644
 --- chrome/browser/renderer_preferences_util.cc
 +++ chrome/browser/renderer_preferences_util.cc
-@@ -33,7 +33,8 @@
+@@ -34,7 +34,8 @@
  #include "ui/base/cocoa/defaults_utils.h"
  #endif
  
@@ -12,7 +12,7 @@ index 0acace592ca4..66cc3c360b79 100644
  #include "chrome/browser/themes/theme_service.h"
  #include "chrome/browser/themes/theme_service_factory.h"
  #include "ui/views/linux_ui/linux_ui.h"
-@@ -155,7 +156,8 @@ void UpdateFromSystemSettings(blink::mojom::RendererPreferences* prefs,
+@@ -162,7 +163,8 @@ void UpdateFromSystemSettings(blink::mojom::RendererPreferences* prefs,
      prefs->caret_blink_interval = interval;
  #endif
  

patch/patches/services_network_2622.patch

@@ -1,5 +1,5 @@
 diff --git chrome/browser/net/profile_network_context_service.cc chrome/browser/net/profile_network_context_service.cc
-index e5160aa3ff1a..87b037e517c2 100644
+index 5630448c45aa..92f675e09856 100644
 --- chrome/browser/net/profile_network_context_service.cc
 +++ chrome/browser/net/profile_network_context_service.cc
 @@ -19,6 +19,7 @@
@@ -10,7 +10,7 @@ index e5160aa3ff1a..87b037e517c2 100644
  #include "chrome/browser/browser_process.h"
  #include "chrome/browser/content_settings/cookie_settings_factory.h"
  #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
-@@ -668,9 +669,23 @@ void ProfileNetworkContextService::ConfigureNetworkContextParamsInternal(
+@@ -669,9 +670,23 @@ void ProfileNetworkContextService::ConfigureNetworkContextParamsInternal(
    network_context_params->cookie_manager_params =
        CreateCookieManagerParams(profile_, *cookie_settings_);
  
@@ -35,7 +35,7 @@ index e5160aa3ff1a..87b037e517c2 100644
      PrefService* local_state = g_browser_process->local_state();
      // Configure the HTTP cache path and size.
      base::FilePath base_cache_path;
-@@ -683,7 +698,9 @@ void ProfileNetworkContextService::ConfigureNetworkContextParamsInternal(
+@@ -684,7 +699,9 @@ void ProfileNetworkContextService::ConfigureNetworkContextParamsInternal(
          base_cache_path.Append(chrome::kCacheDirname);
      network_context_params->http_cache_max_size =
          local_state->GetInteger(prefs::kDiskCacheSize);

patch/patches/services_network_2718.patch

@@ -1,5 +1,5 @@
 diff --git content/browser/storage_partition_impl.cc content/browser/storage_partition_impl.cc
-index eead3ac6a092..372c511b6c77 100644
+index 6996fe8d1be3..3bd057c7d316 100644
 --- content/browser/storage_partition_impl.cc
 +++ content/browser/storage_partition_impl.cc
 @@ -487,10 +487,6 @@ class LoginHandlerDelegate {

patch/patches/ui_gl_utils_1123950.patch

@@ -1,13 +0,0 @@
-diff --git ui/gl/gl_utils.cc ui/gl/gl_utils.cc
-index 2f0832c0ae75..f8a494b05e42 100644
---- ui/gl/gl_utils.cc
-+++ ui/gl/gl_utils.cc
-@@ -130,7 +130,7 @@ bool ShouldForceDirectCompositionRootSurfaceFullDamage() {
-     if ((brga_flags & kSupportBits) == 0)
-       return false;
-     return true;
--  };
-+  }();
-   return should_force;
- }
- #endif  // OS_WIN

patch/patches/views_widget.patch

@@ -73,7 +73,7 @@ index af80b343dcd9..507618362acd 100644
    FRIEND_TEST_ALL_PREFIXES(
        BrowserSideFlingBrowserTest,
 diff --git content/browser/renderer_host/render_widget_host_view_event_handler.cc content/browser/renderer_host/render_widget_host_view_event_handler.cc
-index 44586cc1789a..18705ef4e6e7 100644
+index 51342ad75c8d..75710c8b1b29 100644
 --- content/browser/renderer_host/render_widget_host_view_event_handler.cc
 +++ content/browser/renderer_host/render_widget_host_view_event_handler.cc
 @@ -37,6 +37,10 @@
@@ -102,6 +102,24 @@ index 44586cc1789a..18705ef4e6e7 100644
  #endif
    synthetic_move_position_ = center_in_screen;
  }
+@@ -983,6 +995,17 @@ bool RenderWidgetHostViewEventHandler::MatchesSynthesizedMovePosition(
+ }
+ 
+ void RenderWidgetHostViewEventHandler::SetKeyboardFocus() {
++#if defined(OS_WIN)
++  if (host_view_->HasExternalParent() &&
++      window_ && window_->delegate()->CanFocus()) {
++    aura::WindowTreeHost* host = window_->GetHost();
++    if (host) {
++      gfx::AcceleratedWidget hwnd = host->GetAcceleratedWidget();
++      if (!(::GetWindowLong(hwnd, GWL_EXSTYLE) & WS_EX_NOACTIVATE))
++        ::SetFocus(hwnd);
++    }
++  }
++#endif
+   // TODO(wjmaclean): can host_ ever be null?
+   if (host_ && set_focus_on_mouse_down_or_key_event_) {
+     set_focus_on_mouse_down_or_key_event_ = false;
 diff --git content/public/browser/render_widget_host_view.h content/public/browser/render_widget_host_view.h
 index a7222155f4ea..77ac1f864161 100644
 --- content/public/browser/render_widget_host_view.h

patch/patches/web_contents_1257_1565.patch

@@ -1,8 +1,8 @@
 diff --git content/browser/web_contents/web_contents_impl.cc content/browser/web_contents/web_contents_impl.cc
-index 4dca843104ac..63020b374688 100644
+index 1eadb3f0dace..4316de630cef 100644
 --- content/browser/web_contents/web_contents_impl.cc
 +++ content/browser/web_contents/web_contents_impl.cc
-@@ -2561,15 +2561,22 @@ void WebContentsImpl::Init(const WebContents::CreateParams& params) {
+@@ -2582,15 +2582,22 @@ void WebContentsImpl::Init(const WebContents::CreateParams& params) {
    std::string unique_name;
    frame_tree_.root()->SetFrameName(params.main_frame_name, unique_name);
  
@@ -33,7 +33,7 @@ index 4dca843104ac..63020b374688 100644
    }
    CHECK(render_view_host_delegate_view_);
    CHECK(view_.get());
-@@ -3368,6 +3375,15 @@ RenderFrameHostDelegate* WebContentsImpl::CreateNewWindow(
+@@ -3389,6 +3396,15 @@ RenderFrameHostDelegate* WebContentsImpl::CreateNewWindow(
    // objects.
    create_params.renderer_initiated_creation = !is_new_browsing_instance;
  
@@ -49,7 +49,7 @@ index 4dca843104ac..63020b374688 100644
    std::unique_ptr<WebContentsImpl> new_contents;
    if (!is_guest) {
      create_params.context = view_->GetNativeView();
-@@ -6850,6 +6866,10 @@ void WebContentsImpl::SetFocusedFrame(FrameTreeNode* node,
+@@ -6910,6 +6926,10 @@ void WebContentsImpl::SetFocusedFrame(FrameTreeNode* node,
      // This is an outermost WebContents.
      SetAsFocusedWebContentsIfNecessary();
    }
@@ -73,10 +73,10 @@ index f1dcf53ea481..192f7c0ddd04 100644
  
  WebContents::CreateParams::CreateParams(const CreateParams& other) = default;
 diff --git content/public/browser/web_contents.h content/public/browser/web_contents.h
-index f1c25ed4cf62..8bb6e9a374c7 100644
+index e282d97d9b0f..af6eb6506fb8 100644
 --- content/public/browser/web_contents.h
 +++ content/public/browser/web_contents.h
-@@ -82,8 +82,10 @@ class BrowserContext;
+@@ -83,8 +83,10 @@ class BrowserContext;
  class BrowserPluginGuestDelegate;
  class RenderFrameHost;
  class RenderViewHost;
@@ -87,7 +87,7 @@ index f1c25ed4cf62..8bb6e9a374c7 100644
  class WebUI;
  struct CustomContextMenuContext;
  struct DropData;
-@@ -212,6 +214,10 @@ class WebContents : public PageNavigator,
+@@ -213,6 +215,10 @@ class WebContents : public PageNavigator,
      // Sandboxing flags set on the new WebContents.
      network::mojom::WebSandboxFlags starting_sandbox_flags;
  
@@ -131,10 +131,10 @@ index a10c5caf5a4b..ef8d3c3c1056 100644
    // typically happens when popups are created.
    virtual void WebContentsCreated(WebContents* source_contents,
 diff --git content/public/browser/web_contents_observer.h content/public/browser/web_contents_observer.h
-index 3666e0357038..b82c54816894 100644
+index 301fa10bcc3e..37ec8ddd4583 100644
 --- content/public/browser/web_contents_observer.h
 +++ content/public/browser/web_contents_observer.h
-@@ -610,6 +610,10 @@ class CONTENT_EXPORT WebContentsObserver : public IPC::Listener {
+@@ -613,6 +613,10 @@ class CONTENT_EXPORT WebContentsObserver : public IPC::Listener {
    // WebContents has gained/lost focus.
    virtual void OnFocusChangedInPage(FocusedNodeDetails* details) {}
  

patch/patches/webkit_plugin_info_2015.patch

@@ -44,10 +44,10 @@ index ba112d79de9a..83f5bd971bc9 100644
  
  DocumentInit& DocumentInit::WithTypeFrom(const String& mime_type) {
 diff --git third_party/blink/renderer/core/frame/local_frame.cc third_party/blink/renderer/core/frame/local_frame.cc
-index 11b7b4a63f2e..c2714178a4a4 100644
+index 6120b85a4c1a..6b1943e11ce1 100644
 --- third_party/blink/renderer/core/frame/local_frame.cc
 +++ third_party/blink/renderer/core/frame/local_frame.cc
-@@ -1641,7 +1641,7 @@ WebContentSettingsClient* LocalFrame::GetContentSettingsClient() {
+@@ -1652,7 +1652,7 @@ WebContentSettingsClient* LocalFrame::GetContentSettingsClient() {
  PluginData* LocalFrame::GetPluginData() const {
    if (!Loader().AllowPlugins(kNotAboutToInstantiatePlugin))
      return nullptr;
@@ -85,7 +85,7 @@ index 0608c4defc6d..54eaa2197957 100644
  
  void DevToolsSession::DispatchProtocolCommand(
 diff --git third_party/blink/renderer/core/page/page.cc third_party/blink/renderer/core/page/page.cc
-index 45ef79f88b4d..074d5ea48b12 100644
+index ed6e86624c7d..f377121a2436 100644
 --- third_party/blink/renderer/core/page/page.cc
 +++ third_party/blink/renderer/core/page/page.cc
 @@ -212,7 +212,8 @@ Page::Page(PageClients& page_clients)
@@ -160,7 +160,7 @@ index 45ef79f88b4d..074d5ea48b12 100644
    visitor->Trace(agent_metrics_collector_);
    visitor->Trace(plugins_changed_observers_);
 diff --git third_party/blink/renderer/core/page/page.h third_party/blink/renderer/core/page/page.h
-index b6a1caadf7b7..95fafb720083 100644
+index 945730f54afa..3a95342006b2 100644
 --- third_party/blink/renderer/core/page/page.h
 +++ third_party/blink/renderer/core/page/page.h
 @@ -150,7 +150,8 @@ class CORE_EXPORT Page final : public GarbageCollected<Page>,

patch/patches/webkit_pointer_event_781966.patch

@@ -1,13 +0,0 @@
-diff --git third_party/blink/renderer/core/input/pointer_event_manager.cc third_party/blink/renderer/core/input/pointer_event_manager.cc
-index 8d8f25e2f57a..5aa055ce855f 100644
---- third_party/blink/renderer/core/input/pointer_event_manager.cc
-+++ third_party/blink/renderer/core/input/pointer_event_manager.cc
-@@ -304,7 +304,7 @@ void PointerEventManager::HandlePointerInterruption(
-   for (auto pointer_event : canceled_pointer_events) {
-     // If we are sending a pointercancel we have sent the pointerevent to some
-     // target before.
--    CHECK(element_under_pointer_.Contains(pointer_event->pointerId()));
-+    // CHECK(element_under_pointer_.Contains(pointer_event->pointerId()));
-     Element* target =
-         element_under_pointer_.at(pointer_event->pointerId())->target;
- 

patch/patches/webkit_popups.patch

@@ -11,7 +11,7 @@ index 4d55813fed92..f41bd4b5590e 100644
    // Cancels and hides the current popup (datetime, select...) if any.
    virtual void CancelPagePopup() = 0;
 diff --git third_party/blink/renderer/core/exported/web_view_impl.cc third_party/blink/renderer/core/exported/web_view_impl.cc
-index 4b42cd80d5c1..cafb43ea03f1 100644
+index 54481b3341be..ec210d3be86b 100644
 --- third_party/blink/renderer/core/exported/web_view_impl.cc
 +++ third_party/blink/renderer/core/exported/web_view_impl.cc
 @@ -216,8 +216,13 @@ void WebView::SetUseExternalPopupMenus(bool use_external_popup_menus) {
@@ -30,7 +30,7 @@ index 4b42cd80d5c1..cafb43ea03f1 100644
  }
  
  namespace {
-@@ -323,6 +328,7 @@ WebViewImpl::WebViewImpl(
+@@ -325,6 +330,7 @@ WebViewImpl::WebViewImpl(
        chrome_client_(MakeGarbageCollected<ChromeClientImpl>(this)),
        minimum_zoom_level_(PageZoomFactorToZoomLevel(kMinimumPageZoomFactor)),
        maximum_zoom_level_(PageZoomFactorToZoomLevel(kMaximumPageZoomFactor)),
@@ -39,7 +39,7 @@ index 4b42cd80d5c1..cafb43ea03f1 100644
        fullscreen_controller_(std::make_unique<FullscreenController>(this)),
        receiver_(this, std::move(page_handle)) {
 diff --git third_party/blink/renderer/core/exported/web_view_impl.h third_party/blink/renderer/core/exported/web_view_impl.h
-index 510c555ca5af..242a208b7328 100644
+index 15e2c9b2bb75..8d2fe1676ba8 100644
 --- third_party/blink/renderer/core/exported/web_view_impl.h
 +++ third_party/blink/renderer/core/exported/web_view_impl.h
 @@ -125,7 +125,8 @@ class CORE_EXPORT WebViewImpl final : public WebView,
@@ -52,7 +52,7 @@ index 510c555ca5af..242a208b7328 100644
  
    // Returns whether frames under this WebView are backed by a compositor.
    bool does_composite() const { return does_composite_; }
-@@ -645,6 +646,8 @@ class CORE_EXPORT WebViewImpl final : public WebView,
+@@ -652,6 +653,8 @@ class CORE_EXPORT WebViewImpl final : public WebView,
    float fake_page_scale_animation_page_scale_factor_ = 0.f;
    bool fake_page_scale_animation_use_anchor_ = false;
  

tests/cefclient/CMakeLists.txt.in

@@ -135,6 +135,9 @@ if(OS_LINUX)
   set_target_properties(${CEF_TARGET} PROPERTIES BUILD_WITH_INSTALL_RPATH TRUE)
   set_target_properties(${CEF_TARGET} PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${CEF_TARGET_OUT_DIR})
 
+  # We don't call deprecated GTK functions, and they can cause build failures, so disable them.
+  add_definitions("-DGTK_DISABLE_DEPRECATED")
+
   # Copy CEF binary and resource files to the target output directory.
   COPY_FILES("${CEF_TARGET}" "${CEF_BINARY_FILES}" "${CEF_BINARY_DIR}" "${CEF_TARGET_OUT_DIR}")
   COPY_FILES("${CEF_TARGET}" "${CEF_RESOURCE_FILES}" "${CEF_RESOURCE_DIR}" "${CEF_TARGET_OUT_DIR}")

tests/cefclient/browser/root_window_mac.mm

@@ -897,14 +897,6 @@ scoped_refptr<RootWindow> RootWindow::GetForNSWindow(NSWindow* window) {
     }
   }
 
-  // Don't want any more delegate callbacks after we destroy ourselves.
-  window_.delegate = nil;
-  // Delete the window.
-#if !__has_feature(objc_arc)
-  [window autorelease];
-#endif  // !__has_feature(objc_arc)
-  window_ = nil;
-
   // Clean ourselves up after clearing the stack of anything that might have the
   // window on it.
   [self cleanup];

tests/ceftests/cookie_unittest.cc

@@ -1569,20 +1569,24 @@ class CookieAccessTestHandler : public RoutingTestHandler,
       EXPECT_EQ(0, can_save_cookie1_ct_);
       EXPECT_EQ(0, can_send_cookie2_ct_);
     } else {
-      // Get 1 call to CanSaveCookie for the 1st network request due to the
-      // network cookie.
-      EXPECT_EQ(1, can_save_cookie1_ct_);
       if (test_mode_ == BLOCK_ALL_COOKIES) {
         // Never send any cookies.
         EXPECT_EQ(0, can_send_cookie2_ct_);
+        EXPECT_EQ(0, can_save_cookie1_ct_);
       } else if (test_mode_ & BLOCK_WRITE) {
         // Get 1 calls to CanSendCookie for the 2nd network request due to the
         // JS cookie (network cookie is blocked).
         EXPECT_EQ(1, can_send_cookie2_ct_);
+        // Get 1 call to CanSaveCookie for the 1st network request due to the
+        // network cookie.
+        EXPECT_EQ(1, can_save_cookie1_ct_);
       } else {
         // Get 2 calls to CanSendCookie for the 2nd network request due to the
         // network cookie + JS cookie.
         EXPECT_EQ(2, can_send_cookie2_ct_);
+        // Get 1 call to CanSaveCookie for the 1st network request due to the
+        // network cookie.
+        EXPECT_EQ(1, can_save_cookie1_ct_);
       }
     }
 

tests/ceftests/cors_unittest.cc

@@ -3,6 +3,7 @@
 // can be found in the LICENSE file.
 
 #include <algorithm>
+#include <set>
 #include <vector>
 
 #include "include/base/cef_bind.h"
@@ -22,6 +23,7 @@ const char kMimeTypeText[] = "text/plain";
 
 const char kDefaultHtml[] = "<html><body>TEST</body></html>";
 const char kDefaultText[] = "TEST";
+const char kDefaultCookie[] = "testCookie=testVal";
 
 const char kSuccessMsg[] = "CorsTestHandler.Success";
 const char kFailureMsg[] = "CorsTestHandler.Failure";
@@ -61,6 +63,8 @@ struct Resource {
   // Uniquely identifies the resource.
   HandlerType handler = HandlerType::SERVER;
   std::string path;
+  // If non-empty the method value must match.
+  std::string method;
 
   // Response information that will be returned.
   CefRefPtr<CefResponse> response;
@@ -144,6 +148,9 @@ struct TestSetup {
   // Used for testing received console messages.
   std::vector<std::string> console_messages;
 
+  // If true cookies will be cleared after every test run.
+  bool clear_cookies = false;
+
   void AddResource(Resource* resource) {
     DCHECK(resource);
     resource->Validate();
@@ -155,22 +162,35 @@ struct TestSetup {
     console_messages.push_back(message);
   }
 
-  Resource* GetResource(const std::string& url) const {
+  Resource* GetResource(const std::string& url,
+                        const std::string& method = std::string()) const {
     if (resources.empty())
       return nullptr;
 
+    std::set<std::string> matching_methods;
+    if (method.empty()) {
+      // Match standard HTTP methods.
+      matching_methods.insert("GET");
+      matching_methods.insert("POST");
+    } else {
+      matching_methods.insert(method);
+    }
+
     const std::string& path_url = test_request::GetPathURL(url);
     ResourceList::const_iterator it = resources.begin();
     for (; it != resources.end(); ++it) {
       Resource* resource = *it;
-      if (resource->GetPathURL() == path_url)
+      if (resource->GetPathURL() == path_url &&
+          (resource->method.empty() ||
+           matching_methods.find(resource->method) != matching_methods.end())) {
         return resource;
+      }
     }
     return nullptr;
   }
 
   Resource* GetResource(CefRefPtr<CefRequest> request) const {
-    return GetResource(request->GetURL());
+    return GetResource(request->GetURL(), request->GetMethod());
   }
 
   // Validate expected initial state.
@@ -206,6 +226,12 @@ struct TestSetup {
       (*it)->AssertDone();
     }
   }
+
+  // Optionally override to verify cleared cookie contents.
+  virtual bool VerifyClearedCookies(
+      const test_request::CookieVector& cookies) const {
+    return true;
+  }
 };
 
 class TestServerObserver : public test_server::ObserverHelper {
@@ -284,6 +310,18 @@ class CorsTestHandler : public RoutingTestHandler {
   void DestroyTest() override {
     EXPECT_TRUE(shutting_down_);
 
+    if (setup_->NeedsServer()) {
+      EXPECT_TRUE(got_stopped_server_);
+    } else {
+      EXPECT_FALSE(got_stopped_server_);
+    }
+
+    if (setup_->clear_cookies) {
+      EXPECT_TRUE(got_cleared_cookies_);
+    } else {
+      EXPECT_FALSE(got_cleared_cookies_);
+    }
+
     setup_->AssertDone();
     EXPECT_TRUE(setup_->console_messages.empty())
         << "Did not receive expected console message: "
@@ -292,27 +330,22 @@ class CorsTestHandler : public RoutingTestHandler {
     RoutingTestHandler::DestroyTest();
   }
 
-  void DestroyTestIfDone() {
-    CEF_REQUIRE_UI_THREAD();
-    if (shutting_down_)
-      return;
-
-    if (setup_->IsDone()) {
-      shutting_down_ = true;
-      StopServer();
-    }
-  }
-
   CefRefPtr<CefResourceHandler> GetResourceHandler(
       CefRefPtr<CefBrowser> browser,
       CefRefPtr<CefFrame> frame,
       CefRefPtr<CefRequest> request) override {
     CEF_REQUIRE_IO_THREAD();
+    const std::string& url = request->GetURL();
+    const std::string& method = request->GetMethod();
+    if (method == "OPTIONS") {
+      // We should never see the CORS preflight request.
+      ADD_FAILURE() << "Unexpected CORS preflight for " << url;
+    }
+
     Resource* resource = setup_->GetResource(request);
     if (resource && resource->handler != HandlerType::SERVER) {
       resource->response_ct++;
-      EXPECT_TRUE(resource->VerifyRequest(request))
-          << request->GetURL().ToString();
+      EXPECT_TRUE(resource->VerifyRequest(request)) << url;
       return test_request::CreateResourceHandler(resource->response,
                                                  resource->response_data);
     }
@@ -412,6 +445,17 @@ class CorsTestHandler : public RoutingTestHandler {
     CefPostTask(TID_UI, base::Bind(&CorsTestHandler::DestroyTestIfDone, this));
   }
 
+  void DestroyTestIfDone() {
+    CEF_REQUIRE_UI_THREAD();
+    if (shutting_down_)
+      return;
+
+    if (setup_->IsDone()) {
+      shutting_down_ = true;
+      StopServer();
+    }
+  }
+
   void StartServer(const base::Closure& next_step) {
     if (!CefCurrentlyOn(TID_UI)) {
       CefPostTask(TID_UI,
@@ -433,7 +477,7 @@ class CorsTestHandler : public RoutingTestHandler {
     CEF_REQUIRE_UI_THREAD();
     if (!server_) {
       DCHECK(!setup_->NeedsServer());
-      DestroyTest();
+      AfterStoppedServer();
       return;
     }
 
@@ -443,7 +487,32 @@ class CorsTestHandler : public RoutingTestHandler {
 
   void StoppedServer() {
     CEF_REQUIRE_UI_THREAD();
+    got_stopped_server_.yes();
     server_ = nullptr;
+    AfterStoppedServer();
+  }
+
+  void AfterStoppedServer() {
+    CEF_REQUIRE_UI_THREAD();
+    if (setup_->clear_cookies) {
+      ClearCookies();
+    } else {
+      DestroyTest();
+    }
+  }
+
+  void ClearCookies() {
+    CEF_REQUIRE_UI_THREAD();
+    DCHECK(setup_->clear_cookies);
+    test_request::GetAllCookies(
+        CefCookieManager::GetGlobalManager(nullptr), /*delete_cookies=*/true,
+        base::Bind(&CorsTestHandler::ClearedCookies, this));
+  }
+
+  void ClearedCookies(const test_request::CookieVector& cookies) {
+    CEF_REQUIRE_UI_THREAD();
+    got_cleared_cookies_.yes();
+    EXPECT_TRUE(setup_->VerifyClearedCookies(cookies));
     DestroyTest();
   }
 
@@ -458,6 +527,9 @@ class CorsTestHandler : public RoutingTestHandler {
   TestServerObserver* server_ = nullptr;
   bool shutting_down_ = false;
 
+  TrackCallback got_stopped_server_;
+  TrackCallback got_cleared_cookies_;
+
   IMPLEMENT_REFCOUNTING(CorsTestHandler);
   DISALLOW_COPY_AND_ASSIGN(CorsTestHandler);
 };
@@ -558,6 +630,68 @@ TEST(CorsTest, BasicCustomStandardSchemeWithQuery) {
 
 namespace {
 
+struct CookieTestSetup : TestSetup {
+  CookieTestSetup() {}
+
+  bool expect_cookie = false;
+
+  bool VerifyClearedCookies(
+      const test_request::CookieVector& cookies) const override {
+    if (!expect_cookie) {
+      EXPECT_TRUE(cookies.empty());
+      return cookies.empty();
+    }
+
+    EXPECT_EQ(1U, cookies.size());
+    const std::string& cookie = CefString(&cookies[0].name).ToString() + "=" +
+                                CefString(&cookies[0].value).ToString();
+    EXPECT_STREQ(kDefaultCookie, cookie.c_str());
+    return cookie == kDefaultCookie;
+  }
+};
+
+struct CookieResource : Resource {
+  CookieResource() {}
+
+  bool expect_cookie = false;
+
+  void InitSetCookie() {
+    response->SetHeaderByName("Set-Cookie", kDefaultCookie,
+                              /*override=*/true);
+  }
+
+  bool VerifyRequest(CefRefPtr<CefRequest> request) const override {
+    const std::string& cookie = request->GetHeaderByName("Cookie");
+    const std::string& expected_cookie =
+        expect_cookie ? kDefaultCookie : std::string();
+    EXPECT_STREQ(expected_cookie.c_str(), cookie.c_str()) << GetPathURL();
+    return expected_cookie == cookie;
+  }
+};
+
+void SetupCookieExpectations(CookieTestSetup* setup,
+                             CookieResource* main_resource,
+                             CookieResource* sub_resource) {
+  // All schemes except custom non-standard support cookies.
+  const bool supports_cookies =
+      main_resource->handler != HandlerType::CUSTOM_NONSTANDARD_SCHEME;
+
+  // The main resource may set the cookie (if cookies are supported), but should
+  // not receive one.
+  main_resource->InitSetCookie();
+  main_resource->expect_cookie = false;
+
+  // A cookie will be set only for schemes that support cookies.
+  setup->expect_cookie = supports_cookies;
+  // Always clear cookies so we can verify that one wasn't set unexpectedly.
+  setup->clear_cookies = true;
+
+  // Expect the sub-resource to receive the cookie for same-origin requests
+  // only.
+  sub_resource->expect_cookie =
+      supports_cookies && main_resource->handler == sub_resource->handler;
+}
+
 std::string GetIframeMainHtml(const std::string& iframe_url,
                               const std::string& sandbox_attribs) {
   return "<html><body>TEST<iframe src=\"" + iframe_url + "\" sandbox=\"" +
@@ -576,12 +710,12 @@ bool HasSandboxAttrib(const std::string& sandbox_attribs,
   return sandbox_attribs.find(attrib) != std::string::npos;
 }
 
-void SetupIframeRequest(TestSetup* setup,
+void SetupIframeRequest(CookieTestSetup* setup,
                         const std::string& test_name,
                         HandlerType main_handler,
-                        Resource* main_resource,
+                        CookieResource* main_resource,
                         HandlerType iframe_handler,
-                        Resource* iframe_resource,
+                        CookieResource* iframe_resource,
                         const std::string& sandbox_attribs) {
   const std::string& base_path = "/" + test_name;
 
@@ -594,6 +728,8 @@ void SetupIframeRequest(TestSetup* setup,
   main_resource->Init(main_handler, base_path, kMimeTypeHtml,
                       GetIframeMainHtml(iframe_url, sandbox_attribs));
 
+  SetupCookieExpectations(setup, main_resource, iframe_resource);
+
   if (HasSandboxAttrib(sandbox_attribs, "allow-scripts")) {
     // Expect the iframe to load successfully and send the SuccessMsg.
     iframe_resource->expected_success_query_ct = 1;
@@ -636,8 +772,8 @@ void SetupIframeRequest(TestSetup* setup,
 #define CORS_TEST_IFRAME(test_name, handler_main, handler_iframe,     \
                          sandbox_attribs)                             \
   TEST(CorsTest, Iframe##test_name) {                                 \
-    TestSetup setup;                                                  \
-    Resource resource_main, resource_iframe;                          \
+    CookieTestSetup setup;                                            \
+    CookieResource resource_main, resource_iframe;                    \
     SetupIframeRequest(&setup, "CorsTest.Iframe" #test_name,          \
                        HandlerType::handler_main, &resource_main,     \
                        HandlerType::handler_iframe, &resource_iframe, \
@@ -698,7 +834,11 @@ CORS_TEST_IFRAME_ALL(AllowScriptsAndSameOrigin,
 
 namespace {
 
-struct SubResource : Resource {
+const char kSubRequestMethod[] = "GET";
+const char kSubUnsafeHeaderName[] = "x-unsafe-header";
+const char kSubUnsafeHeaderValue[] = "not-safe";
+
+struct SubResource : CookieResource {
   SubResource() {}
 
   std::string main_origin;
@@ -706,6 +846,9 @@ struct SubResource : Resource {
   bool is_cross_origin = false;
 
   void InitCors(HandlerType main_handler, bool add_header) {
+    // Must specify the method to differentiate from the preflight request.
+    method = kSubRequestMethod;
+
     // Origin is always "null" for non-standard schemes.
     main_origin = main_handler == HandlerType::CUSTOM_NONSTANDARD_SCHEME
                       ? "null"
@@ -733,14 +876,79 @@ struct SubResource : Resource {
   }
 
   bool VerifyRequest(CefRefPtr<CefRequest> request) const override {
+    if (!CookieResource::VerifyRequest(request))
+      return false;
+
+    const std::string& request_method = request->GetMethod();
+    EXPECT_STREQ(method.c_str(), request_method.c_str()) << GetPathURL();
+    if (request_method != method)
+      return false;
+
     // Verify that the "Origin" header contains the expected value.
     const std::string& origin = request->GetHeaderByName("Origin");
-    if (is_cross_origin) {
-      EXPECT_STREQ(main_origin.c_str(), origin.c_str());
-      return main_origin == origin;
-    }
-    EXPECT_TRUE(origin.empty());
-    return origin.empty();
+    const std::string& expected_origin =
+        is_cross_origin ? main_origin : std::string();
+    EXPECT_STREQ(expected_origin.c_str(), origin.c_str()) << GetPathURL();
+    if (expected_origin != origin)
+      return false;
+
+    // Verify that the "X-Unsafe-Header" header contains the expected value.
+    const std::string& unsafe_header =
+        request->GetHeaderByName(kSubUnsafeHeaderName);
+    EXPECT_STREQ(kSubUnsafeHeaderValue, unsafe_header.c_str()) << GetPathURL();
+    return unsafe_header == kSubUnsafeHeaderValue;
+  }
+};
+
+// See https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
+// for details of CORS preflight behavior.
+struct PreflightResource : Resource {
+  std::string main_origin;
+
+  void InitPreflight(HandlerType main_handler) {
+    // CORS preflight requests originate from PreflightController in the network
+    // process, so we only expect them for server requests.
+    EXPECT_EQ(HandlerType::SERVER, handler);
+
+    // Origin is always "null" for non-standard schemes.
+    main_origin = main_handler == HandlerType::CUSTOM_NONSTANDARD_SCHEME
+                      ? "null"
+                      : GetOrigin(main_handler);
+
+    method = "OPTIONS";
+    response->SetHeaderByName("Access-Control-Allow-Methods",
+                              "GET,HEAD,OPTIONS,POST", false);
+    response->SetHeaderByName("Access-Control-Allow-Headers",
+                              kSubUnsafeHeaderName, false);
+    response->SetHeaderByName("Access-Control-Allow-Origin", main_origin,
+                              false);
+  }
+
+  bool VerifyRequest(CefRefPtr<CefRequest> request) const override {
+    const std::string& request_method = request->GetMethod();
+    EXPECT_STREQ(method.c_str(), request_method.c_str()) << GetPathURL();
+    if (request_method != method)
+      return false;
+
+    const std::string& origin = request->GetHeaderByName("Origin");
+    EXPECT_STREQ(main_origin.c_str(), origin.c_str()) << GetPathURL();
+    if (main_origin != origin)
+      return false;
+
+    const std::string& ac_request_method =
+        request->GetHeaderByName("Access-Control-Request-Method");
+    EXPECT_STREQ(kSubRequestMethod, ac_request_method.c_str()) << GetPathURL();
+    if (ac_request_method != kSubRequestMethod)
+      return false;
+
+    const std::string& ac_request_headers =
+        request->GetHeaderByName("Access-Control-Request-Headers");
+    EXPECT_STREQ(kSubUnsafeHeaderName, ac_request_headers.c_str())
+        << GetPathURL();
+    if (ac_request_headers != kSubUnsafeHeaderName)
+      return false;
+
+    return true;
   }
 };
 
@@ -750,10 +958,15 @@ enum class ExecMode {
 };
 
 std::string GetXhrExecJS(const std::string& sub_url) {
+  // Inclusion of an unsafe header triggers CORS preflight for cross-origin
+  // requests to the server.
   return "xhr = new XMLHttpRequest();\n"
          "xhr.open(\"GET\", \"" +
          sub_url +
          "\", true)\n;"
+         "xhr.setRequestHeader('" +
+         kSubUnsafeHeaderName + "', '" + kSubUnsafeHeaderValue +
+         "');\n"
          "xhr.onload = function(e) {\n"
          "  if (xhr.readyState === 4) {\n"
          "    if (xhr.status === 200) {\n"
@@ -772,8 +985,16 @@ std::string GetXhrExecJS(const std::string& sub_url) {
 }
 
 std::string GetFetchExecJS(const std::string& sub_url) {
-  return "fetch('" + sub_url +
-         "')\n"
+  // Inclusion of an unsafe header triggers CORS preflight for cross-origin
+  // requests to the server.
+  return std::string() +
+         "let h = new Headers();\n"
+         "h.append('" +
+         kSubUnsafeHeaderName + "', '" + kSubUnsafeHeaderValue +
+         "');\n"
+         "fetch('" +
+         sub_url +
+         "', {headers: h})\n"
          ".then(function(response) {\n"
          "  if (response.status === 200) {\n"
          "      response.text().then(function(text) {\n"
@@ -808,19 +1029,24 @@ std::string GetExecMainHtml(ExecMode mode, const std::string& sub_url) {
 }
 
 // XHR and fetch requests behave the same, except for console message contents.
+// In addition to basic CORS header behaviors and request blocking, this test
+// verifies that CORS preflight requests are sent and received when expected.
+// Since preflight behavior is implemented in the network process we expect it
+// to already have substantial test coverage in Chromium.
 void SetupExecRequest(ExecMode mode,
-                      TestSetup* setup,
+                      CookieTestSetup* setup,
                       const std::string& test_name,
                       HandlerType main_handler,
-                      Resource* main_resource,
+                      CookieResource* main_resource,
                       HandlerType sub_handler,
                       SubResource* sub_resource,
+                      PreflightResource* preflight_resource,
                       bool add_header) {
   const std::string& base_path = "/" + test_name;
 
   // Expect a single xhr request.
-  sub_resource->Init(sub_handler, base_path + ".sub.txt", kMimeTypeText,
-                     kDefaultText);
+  const std::string& sub_path = base_path + ".sub.txt";
+  sub_resource->Init(sub_handler, sub_path, kMimeTypeText, kDefaultText);
   sub_resource->InitCors(main_handler, add_header);
 
   // Expect a single main frame request.
@@ -828,29 +1054,44 @@ void SetupExecRequest(ExecMode mode,
   main_resource->Init(main_handler, base_path, kMimeTypeHtml,
                       GetExecMainHtml(mode, sub_url));
 
+  SetupCookieExpectations(setup, main_resource, sub_resource);
+
+  // Cross-origin requests to a server sub-resource will receive a CORS
+  // preflight request because we add an unsafe header.
+  const bool expect_cors_preflight =
+      sub_resource->is_cross_origin && sub_handler == HandlerType::SERVER;
+
   if (sub_resource->is_cross_origin &&
       (!sub_resource->supports_cors || !add_header)) {
     // Expect the cross-origin XHR to be blocked.
     main_resource->expected_failure_query_ct = 1;
 
     if (sub_resource->supports_cors && !add_header) {
-      // The request supports CORS, but we didn't add the header.
-      if (mode == ExecMode::XHR) {
-        setup->AddConsoleMessage(
-            "Access to XMLHttpRequest at '" + sub_url + "' from origin '" +
-            sub_resource->main_origin +
-            "' has been blocked by CORS policy: No "
-            "'Access-Control-Allow-Origin' "
-            "header is present on the requested resource.");
-      } else {
-        setup->AddConsoleMessage(
-            "Access to fetch at '" + sub_url + "' from origin '" +
-            sub_resource->main_origin +
-            "' has been blocked by CORS policy: No "
-            "'Access-Control-Allow-Origin' header is present on the requested "
-            "resource. If an opaque response serves your needs, set the "
-            "request's mode to 'no-cors' to fetch the resource with CORS "
-            "disabled.");
+      // The request supports CORS, but we didn't add the
+      // "Access-Control-Allow-Origin" header.
+      if (!expect_cors_preflight || preflight_resource != nullptr) {
+        // This is the error message when not expecting a CORS preflight
+        // request, or when the preflight request is handled by the server.
+        // Unhandled preflight requests will output a different error message
+        // (see below).
+        if (mode == ExecMode::XHR) {
+          setup->AddConsoleMessage(
+              "Access to XMLHttpRequest at '" + sub_url + "' from origin '" +
+              sub_resource->main_origin +
+              "' has been blocked by CORS policy: No "
+              "'Access-Control-Allow-Origin' "
+              "header is present on the requested resource.");
+        } else {
+          setup->AddConsoleMessage(
+              "Access to fetch at '" + sub_url + "' from origin '" +
+              sub_resource->main_origin +
+              "' has been blocked by CORS policy: No "
+              "'Access-Control-Allow-Origin' header is present on the "
+              "requested "
+              "resource. If an opaque response serves your needs, set the "
+              "request's mode to 'no-cors' to fetch the resource with CORS "
+              "disabled.");
+        }
       }
     } else if (mode == ExecMode::XHR) {
       setup->AddConsoleMessage(
@@ -870,22 +1111,63 @@ void SetupExecRequest(ExecMode mode,
 
   setup->AddResource(main_resource);
   setup->AddResource(sub_resource);
+
+  if (expect_cors_preflight) {
+    // Expect a CORS preflight request.
+    if (preflight_resource) {
+      // The server will handle the preflight request. The cross-origin XHR may
+      // still be blocked if the "Access-Control-Allow-Origin" header is missing
+      // (see above).
+      preflight_resource->Init(sub_handler, sub_path, kMimeTypeText,
+                               std::string());
+      preflight_resource->InitPreflight(main_handler);
+      setup->AddResource(preflight_resource);
+    } else {
+      // The server will not handle the preflight request. Expect the
+      // cross-origin XHR to be blocked.
+      main_resource->expected_failure_query_ct = 1;
+      main_resource->expected_success_query_ct = 0;
+      sub_resource->expected_response_ct = 0;
+
+      if (mode == ExecMode::XHR) {
+        setup->AddConsoleMessage(
+            "Access to XMLHttpRequest at '" + sub_url + "' from origin '" +
+            sub_resource->main_origin +
+            "' has been blocked by CORS policy: Response to preflight request "
+            "doesn't pass access control check: No "
+            "'Access-Control-Allow-Origin' header is present on the requested "
+            "resource.");
+      } else {
+        setup->AddConsoleMessage(
+            "Access to fetch at '" + sub_url + "' from origin '" +
+            sub_resource->main_origin +
+            "' has been blocked by CORS policy: Response to preflight request "
+            "doesn't pass access control check: No "
+            "'Access-Control-Allow-Origin' header is present on the requested "
+            "resource. If an opaque response serves your needs, set the "
+            "request's mode to 'no-cors' to fetch the resource with CORS "
+            "disabled.");
+      }
+    }
+  }
 }
 
 }  // namespace
 
 // Test XHR requests with different origin combinations.
-#define CORS_TEST_XHR(test_name, handler_main, handler_sub, add_header)    \
-  TEST(CorsTest, Xhr##test_name) {                                         \
-    TestSetup setup;                                                       \
-    Resource resource_main;                                                \
-    SubResource resource_sub;                                              \
-    SetupExecRequest(ExecMode::XHR, &setup, "CorsTest.Xhr" #test_name,     \
-                     HandlerType::handler_main, &resource_main,            \
-                     HandlerType::handler_sub, &resource_sub, add_header); \
-    CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);      \
-    handler->ExecuteTest();                                                \
-    ReleaseAndWaitForDestructor(handler);                                  \
+#define CORS_TEST_XHR(test_name, handler_main, handler_sub, add_header) \
+  TEST(CorsTest, Xhr##test_name) {                                      \
+    CookieTestSetup setup;                                              \
+    CookieResource resource_main;                                       \
+    SubResource resource_sub;                                           \
+    PreflightResource resource_preflight;                               \
+    SetupExecRequest(ExecMode::XHR, &setup, "CorsTest.Xhr" #test_name,  \
+                     HandlerType::handler_main, &resource_main,         \
+                     HandlerType::handler_sub, &resource_sub,           \
+                     &resource_preflight, add_header);                  \
+    CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);   \
+    handler->ExecuteTest();                                             \
+    ReleaseAndWaitForDestructor(handler);                               \
   }
 
 // Test all origin combinations (same and cross-origin).
@@ -927,15 +1209,48 @@ CORS_TEST_XHR_ALL(NoHeader, false)
 // XHR requests with the "Access-Control-Allow-Origin" header.
 CORS_TEST_XHR_ALL(WithHeader, true)
 
+// Like above, but without handling CORS preflight requests.
+#define CORS_TEST_XHR_NO_PREFLIGHT(test_name, handler_main, handler_sub, \
+                                   add_header)                           \
+  TEST(CorsTest, Xhr##test_name) {                                       \
+    CookieTestSetup setup;                                               \
+    CookieResource resource_main;                                        \
+    SubResource resource_sub;                                            \
+    SetupExecRequest(ExecMode::XHR, &setup, "CorsTest.Xhr" #test_name,   \
+                     HandlerType::handler_main, &resource_main,          \
+                     HandlerType::handler_sub, &resource_sub, nullptr,   \
+                     add_header);                                        \
+    CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);    \
+    handler->ExecuteTest();                                              \
+    ReleaseAndWaitForDestructor(handler);                                \
+  }
+
+#define CORS_TEST_XHR_NO_PREFLIGHT_SERVER(name, add_header)                    \
+  CORS_TEST_XHR_NO_PREFLIGHT(name##ServerToServer, SERVER, SERVER, add_header) \
+  CORS_TEST_XHR_NO_PREFLIGHT(name##HttpSchemeToServer, HTTP_SCHEME, SERVER,    \
+                             add_header)                                       \
+  CORS_TEST_XHR_NO_PREFLIGHT(name##CustomStandardSchemeToServer,               \
+                             CUSTOM_STANDARD_SCHEME, SERVER, add_header)       \
+  CORS_TEST_XHR_NO_PREFLIGHT(name##CustomNonStandardSchemeToServer,            \
+                             CUSTOM_NONSTANDARD_SCHEME, SERVER, add_header)
+
+// XHR requests without the "Access-Control-Allow-Origin" header.
+CORS_TEST_XHR_NO_PREFLIGHT_SERVER(NoHeaderNoPreflight, false)
+
+// XHR requests with the "Access-Control-Allow-Origin" header.
+CORS_TEST_XHR_NO_PREFLIGHT_SERVER(WithHeaderNoPreflight, true)
+
 // Test fetch requests with different origin combinations.
 #define CORS_TEST_FETCH(test_name, handler_main, handler_sub, add_header)  \
   TEST(CorsTest, Fetch##test_name) {                                       \
-    TestSetup setup;                                                       \
-    Resource resource_main;                                                \
+    CookieTestSetup setup;                                                 \
+    CookieResource resource_main;                                          \
     SubResource resource_sub;                                              \
+    PreflightResource resource_preflight;                                  \
     SetupExecRequest(ExecMode::FETCH, &setup, "CorsTest.Fetch" #test_name, \
                      HandlerType::handler_main, &resource_main,            \
-                     HandlerType::handler_sub, &resource_sub, add_header); \
+                     HandlerType::handler_sub, &resource_sub,              \
+                     &resource_preflight, add_header);                     \
     CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);      \
     handler->ExecuteTest();                                                \
     ReleaseAndWaitForDestructor(handler);                                  \
@@ -981,3 +1296,325 @@ CORS_TEST_FETCH_ALL(NoHeader, false)
 
 // Fetch requests with the "Access-Control-Allow-Origin" header.
 CORS_TEST_FETCH_ALL(WithHeader, true)
+
+// Like above, but without handling CORS preflight requests.
+#define CORS_TEST_FETCH_NO_PREFLIGHT(test_name, handler_main, handler_sub, \
+                                     add_header)                           \
+  TEST(CorsTest, Fetch##test_name) {                                       \
+    CookieTestSetup setup;                                                 \
+    CookieResource resource_main;                                          \
+    SubResource resource_sub;                                              \
+    SetupExecRequest(ExecMode::FETCH, &setup, "CorsTest.Fetch" #test_name, \
+                     HandlerType::handler_main, &resource_main,            \
+                     HandlerType::handler_sub, &resource_sub, nullptr,     \
+                     add_header);                                          \
+    CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);      \
+    handler->ExecuteTest();                                                \
+    ReleaseAndWaitForDestructor(handler);                                  \
+  }
+
+#define CORS_TEST_FETCH_NO_PREFLIGHT_SERVER(name, add_header)                 \
+  CORS_TEST_FETCH_NO_PREFLIGHT(name##ServerToServer, SERVER, SERVER,          \
+                               add_header)                                    \
+  CORS_TEST_FETCH_NO_PREFLIGHT(name##HttpSchemeToServer, HTTP_SCHEME, SERVER, \
+                               add_header)                                    \
+  CORS_TEST_FETCH_NO_PREFLIGHT(name##CustomStandardSchemeToServer,            \
+                               CUSTOM_STANDARD_SCHEME, SERVER, add_header)    \
+  CORS_TEST_FETCH_NO_PREFLIGHT(name##CustomNonStandardSchemeToServer,         \
+                               CUSTOM_NONSTANDARD_SCHEME, SERVER, add_header)
+
+// Fetch requests without the "Access-Control-Allow-Origin" header.
+CORS_TEST_FETCH_NO_PREFLIGHT_SERVER(NoHeaderNoPreflight, false)
+
+// Fetch requests with the "Access-Control-Allow-Origin" header.
+CORS_TEST_FETCH_NO_PREFLIGHT_SERVER(WithHeaderNoPreflight, true)
+
+namespace {
+
+enum class RedirectMode {
+  MODE_302,
+  MODE_307,
+};
+
+struct RedirectGetResource : CookieResource {
+  RedirectGetResource() {}
+
+  bool VerifyRequest(CefRefPtr<CefRequest> request) const override {
+    if (!CookieResource::VerifyRequest(request))
+      return false;
+
+    // The "Origin" header should never be present for a redirect.
+    const std::string& origin = request->GetHeaderByName("Origin");
+    EXPECT_TRUE(origin.empty()) << GetPathURL();
+    return origin.empty();
+  }
+};
+
+void SetupRedirectResponse(RedirectMode mode,
+                           const std::string& redirect_url,
+                           CefRefPtr<CefResponse> response) {
+  if (mode == RedirectMode::MODE_302)
+    response->SetStatus(302);
+  else if (mode == RedirectMode::MODE_307)
+    response->SetStatus(307);
+  else
+    NOTREACHED();
+
+  response->SetHeaderByName("Location", redirect_url,
+                            /*override=*/false);
+}
+
+// Test redirect requests.
+void SetupRedirectGetRequest(RedirectMode mode,
+                             CookieTestSetup* setup,
+                             const std::string& test_name,
+                             HandlerType main_handler,
+                             CookieResource* main_resource,
+                             HandlerType redirect_handler,
+                             RedirectGetResource* redirect_resource) {
+  const std::string& base_path = "/" + test_name;
+
+  // Expect a single redirect request that sends SuccessMsg.
+  redirect_resource->Init(redirect_handler, base_path + ".redirect.html",
+                          kMimeTypeHtml, GetDefaultSuccessMsgHtml());
+  redirect_resource->expected_success_query_ct = 1;
+
+  // Expect a single main request that results in a redirect.
+  const std::string& redirect_url = redirect_resource->GetPathURL();
+  main_resource->Init(main_handler, base_path, kMimeTypeHtml, std::string());
+  SetupRedirectResponse(mode, redirect_url, main_resource->response);
+
+  SetupCookieExpectations(setup, main_resource, redirect_resource);
+
+  setup->AddResource(main_resource);
+  setup->AddResource(redirect_resource);
+}
+
+}  // namespace
+
+// Test redirect GET requests with different origin combinations.
+#define CORS_TEST_REDIRECT_GET(test_name, mode, handler_main,          \
+                               handler_redirect)                       \
+  TEST(CorsTest, RedirectGet##test_name) {                             \
+    CookieTestSetup setup;                                             \
+    CookieResource resource_main;                                      \
+    RedirectGetResource resource_redirect;                             \
+    SetupRedirectGetRequest(                                           \
+        RedirectMode::mode, &setup, "CorsTest.RedirectGet" #test_name, \
+        HandlerType::handler_main, &resource_main,                     \
+        HandlerType::handler_redirect, &resource_redirect);            \
+    CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);  \
+    handler->ExecuteTest();                                            \
+    ReleaseAndWaitForDestructor(handler);                              \
+  }
+
+// Test all redirect GET combinations (same and cross-origin).
+#define CORS_TEST_REDIRECT_GET_ALL(name, mode)                                 \
+  CORS_TEST_REDIRECT_GET(name##ServerToServer, mode, SERVER, SERVER)           \
+  CORS_TEST_REDIRECT_GET(name##ServerToHttpScheme, mode, SERVER, HTTP_SCHEME)  \
+  CORS_TEST_REDIRECT_GET(name##ServerToCustomStandardScheme, mode, SERVER,     \
+                         CUSTOM_STANDARD_SCHEME)                               \
+  CORS_TEST_REDIRECT_GET(name##ServerToCustomNonStandardScheme, mode, SERVER,  \
+                         CUSTOM_NONSTANDARD_SCHEME)                            \
+  CORS_TEST_REDIRECT_GET(name##HttpSchemeToServer, mode, HTTP_SCHEME, SERVER)  \
+  CORS_TEST_REDIRECT_GET(name##HttpSchemeToHttpScheme, mode, HTTP_SCHEME,      \
+                         HTTP_SCHEME)                                          \
+  CORS_TEST_REDIRECT_GET(name##HttpSchemeToCustomStandardScheme, mode,         \
+                         HTTP_SCHEME, CUSTOM_STANDARD_SCHEME)                  \
+  CORS_TEST_REDIRECT_GET(name##HttpSchemeToCustomNonStandardScheme, mode,      \
+                         HTTP_SCHEME, CUSTOM_NONSTANDARD_SCHEME)               \
+  CORS_TEST_REDIRECT_GET(name##CustomStandardSchemeToServer, mode,             \
+                         CUSTOM_STANDARD_SCHEME, SERVER)                       \
+  CORS_TEST_REDIRECT_GET(name##CustomStandardSchemeToHttpScheme, mode,         \
+                         CUSTOM_STANDARD_SCHEME, HTTP_SCHEME)                  \
+  CORS_TEST_REDIRECT_GET(name##CustomStandardSchemeToCustomStandardScheme,     \
+                         mode, CUSTOM_STANDARD_SCHEME, CUSTOM_STANDARD_SCHEME) \
+  CORS_TEST_REDIRECT_GET(name##CustomStandardSchemeToCustomNonStandardScheme,  \
+                         mode, CUSTOM_STANDARD_SCHEME,                         \
+                         CUSTOM_NONSTANDARD_SCHEME)                            \
+  CORS_TEST_REDIRECT_GET(name##CustomNonStandardSchemeToServer, mode,          \
+                         CUSTOM_NONSTANDARD_SCHEME, SERVER)                    \
+  CORS_TEST_REDIRECT_GET(name##CustomNonStandardSchemeToHttpScheme, mode,      \
+                         CUSTOM_NONSTANDARD_SCHEME, HTTP_SCHEME)               \
+  CORS_TEST_REDIRECT_GET(name##CustomNonStandardSchemeToCustomStandardScheme,  \
+                         mode, CUSTOM_NONSTANDARD_SCHEME,                      \
+                         CUSTOM_STANDARD_SCHEME)                               \
+  CORS_TEST_REDIRECT_GET(                                                      \
+      name##CustomNonStandardSchemeToCustomNonStandardScheme, mode,            \
+      CUSTOM_NONSTANDARD_SCHEME, CUSTOM_NONSTANDARD_SCHEME)
+
+// Redirect GET requests.
+CORS_TEST_REDIRECT_GET_ALL(302, MODE_302)
+CORS_TEST_REDIRECT_GET_ALL(307, MODE_307)
+
+namespace {
+
+struct PostResource : CookieResource {
+  PostResource() {}
+
+  bool expect_downgrade_to_get = false;
+  bool was_redirected = false;
+
+  std::string main_origin;
+  bool is_cross_origin;
+
+  void InitOrigin(HandlerType main_handler) {
+    // Origin is always "null" for non-HTTP(S) schemes.
+    // This should only be "null" for non-standard schemes, but Blink is likely
+    // using SchemeIsHTTPOrHTTPS() when submitting the form request.
+    main_origin = main_handler == HandlerType::CUSTOM_NONSTANDARD_SCHEME ||
+                          main_handler == HandlerType::CUSTOM_STANDARD_SCHEME
+                      ? "null"
+                      : GetOrigin(main_handler);
+
+    // True if the request is considered cross-origin. Any requests between
+    // non-standard schemes are considered cross-origin (due to the "null"
+    // origin).
+    is_cross_origin = main_handler != handler ||
+                      (main_handler == HandlerType::CUSTOM_NONSTANDARD_SCHEME &&
+                       handler == main_handler);
+  }
+
+  bool VerifyRequest(CefRefPtr<CefRequest> request) const override {
+    if (!CookieResource::VerifyRequest(request))
+      return false;
+
+    // The "Origin" header should be present if the request is POST, and was not
+    // redirected cross-origin.
+    std::string expected_origin;
+    if (!expect_downgrade_to_get) {
+      if (was_redirected && is_cross_origin) {
+        // Always "null" for cross-origin redirects.
+        expected_origin = "null";
+      } else {
+        expected_origin = main_origin;
+      }
+    }
+
+    const std::string& origin = request->GetHeaderByName("Origin");
+    EXPECT_STREQ(expected_origin.c_str(), origin.c_str()) << GetPathURL();
+    if (expected_origin != origin)
+      return false;
+
+    const std::string& req_method = request->GetMethod();
+    const bool has_post_data = request->GetPostData() != nullptr;
+    if (expect_downgrade_to_get) {
+      EXPECT_FALSE(has_post_data) << GetPathURL();
+      EXPECT_STREQ("GET", req_method.c_str()) << GetPathURL();
+      return !has_post_data && req_method == "GET";
+    } else {
+      EXPECT_TRUE(has_post_data) << GetPathURL();
+      EXPECT_STREQ("POST", req_method.c_str()) << GetPathURL();
+      return has_post_data && req_method == "POST";
+    }
+  }
+};
+
+std::string GetPostFormHtml(const std::string& submit_url) {
+  return "<html><body>"
+         "<form id=\"f\" action=\"" +
+         submit_url +
+         "\" method=\"post\">"
+         "<input type=\"hidden\" name=\"n\" value=\"v\"></form>"
+         "<script>document.getElementById('f').submit();</script>"
+         "</body></html>";
+}
+
+// Test redirect requests.
+void SetupRedirectPostRequest(RedirectMode mode,
+                              CookieTestSetup* setup,
+                              const std::string& test_name,
+                              HandlerType main_handler,
+                              CookieResource* main_resource,
+                              PostResource* submit_resource,
+                              HandlerType redirect_handler,
+                              PostResource* redirect_resource) {
+  const std::string& base_path = "/" + test_name;
+
+  // Expect a single redirect request that sends SuccessMsg.
+  redirect_resource->Init(redirect_handler, base_path + ".redirect.html",
+                          kMimeTypeHtml, GetDefaultSuccessMsgHtml());
+  redirect_resource->InitOrigin(main_handler);
+  redirect_resource->expected_success_query_ct = 1;
+
+  // 302 redirects will downgrade POST requests to GET.
+  redirect_resource->expect_downgrade_to_get = mode == RedirectMode::MODE_302;
+  redirect_resource->was_redirected = true;
+
+  // Expect a single submit request that redirects the response.
+  const std::string& redirect_url = redirect_resource->GetPathURL();
+  submit_resource->Init(main_handler, base_path + ".submit.html", kMimeTypeHtml,
+                        std::string());
+  submit_resource->InitOrigin(main_handler);
+  SetupRedirectResponse(mode, redirect_url, submit_resource->response);
+
+  // Expect a single main request that submits the form.
+  const std::string& submit_url = submit_resource->GetPathURL();
+  main_resource->Init(main_handler, base_path, kMimeTypeHtml,
+                      GetPostFormHtml(submit_url));
+
+  SetupCookieExpectations(setup, main_resource, submit_resource);
+  SetupCookieExpectations(setup, main_resource, redirect_resource);
+
+  setup->AddResource(main_resource);
+  setup->AddResource(submit_resource);
+  setup->AddResource(redirect_resource);
+}
+
+}  // namespace
+
+// Test redirect GET requests with different origin combinations.
+#define CORS_TEST_REDIRECT_POST(test_name, mode, handler_main,          \
+                                handler_redirect)                       \
+  TEST(CorsTest, RedirectPost##test_name) {                             \
+    CookieTestSetup setup;                                              \
+    CookieResource resource_main;                                       \
+    PostResource resource_submit, resource_redirect;                    \
+    SetupRedirectPostRequest(                                           \
+        RedirectMode::mode, &setup, "CorsTest.RedirectPost" #test_name, \
+        HandlerType::handler_main, &resource_main, &resource_submit,    \
+        HandlerType::handler_redirect, &resource_redirect);             \
+    CefRefPtr<CorsTestHandler> handler = new CorsTestHandler(&setup);   \
+    handler->ExecuteTest();                                             \
+    ReleaseAndWaitForDestructor(handler);                               \
+  }
+
+// Test all redirect GET combinations (same and cross-origin).
+#define CORS_TEST_REDIRECT_POST_ALL(name, mode)                                \
+  CORS_TEST_REDIRECT_POST(name##ServerToServer, mode, SERVER, SERVER)          \
+  CORS_TEST_REDIRECT_POST(name##ServerToHttpScheme, mode, SERVER, HTTP_SCHEME) \
+  CORS_TEST_REDIRECT_POST(name##ServerToCustomStandardScheme, mode, SERVER,    \
+                          CUSTOM_STANDARD_SCHEME)                              \
+  CORS_TEST_REDIRECT_POST(name##ServerToCustomNonStandardScheme, mode, SERVER, \
+                          CUSTOM_NONSTANDARD_SCHEME)                           \
+  CORS_TEST_REDIRECT_POST(name##HttpSchemeToServer, mode, HTTP_SCHEME, SERVER) \
+  CORS_TEST_REDIRECT_POST(name##HttpSchemeToHttpScheme, mode, HTTP_SCHEME,     \
+                          HTTP_SCHEME)                                         \
+  CORS_TEST_REDIRECT_POST(name##HttpSchemeToCustomStandardScheme, mode,        \
+                          HTTP_SCHEME, CUSTOM_STANDARD_SCHEME)                 \
+  CORS_TEST_REDIRECT_POST(name##HttpSchemeToCustomNonStandardScheme, mode,     \
+                          HTTP_SCHEME, CUSTOM_NONSTANDARD_SCHEME)              \
+  CORS_TEST_REDIRECT_POST(name##CustomStandardSchemeToServer, mode,            \
+                          CUSTOM_STANDARD_SCHEME, SERVER)                      \
+  CORS_TEST_REDIRECT_POST(name##CustomStandardSchemeToHttpScheme, mode,        \
+                          CUSTOM_STANDARD_SCHEME, HTTP_SCHEME)                 \
+  CORS_TEST_REDIRECT_POST(name##CustomStandardSchemeToCustomStandardScheme,    \
+                          mode, CUSTOM_STANDARD_SCHEME,                        \
+                          CUSTOM_STANDARD_SCHEME)                              \
+  CORS_TEST_REDIRECT_POST(name##CustomStandardSchemeToCustomNonStandardScheme, \
+                          mode, CUSTOM_STANDARD_SCHEME,                        \
+                          CUSTOM_NONSTANDARD_SCHEME)                           \
+  CORS_TEST_REDIRECT_POST(name##CustomNonStandardSchemeToServer, mode,         \
+                          CUSTOM_NONSTANDARD_SCHEME, SERVER)                   \
+  CORS_TEST_REDIRECT_POST(name##CustomNonStandardSchemeToHttpScheme, mode,     \
+                          CUSTOM_NONSTANDARD_SCHEME, HTTP_SCHEME)              \
+  CORS_TEST_REDIRECT_POST(name##CustomNonStandardSchemeToCustomStandardScheme, \
+                          mode, CUSTOM_NONSTANDARD_SCHEME,                     \
+                          CUSTOM_STANDARD_SCHEME)                              \
+  CORS_TEST_REDIRECT_POST(                                                     \
+      name##CustomNonStandardSchemeToCustomNonStandardScheme, mode,            \
+      CUSTOM_NONSTANDARD_SCHEME, CUSTOM_NONSTANDARD_SCHEME)
+
+// Redirect GET requests.
+CORS_TEST_REDIRECT_POST_ALL(302, MODE_302)
+CORS_TEST_REDIRECT_POST_ALL(307, MODE_307)

tests/ceftests/scheme_handler_unittest.cc

@@ -2605,11 +2605,13 @@ void RegisterSchemeHandlerCustomSchemes(
   // Add a custom standard scheme.
   registrar->AddCustomScheme(
       "customstd", CEF_SCHEME_OPTION_STANDARD | CEF_SCHEME_OPTION_CORS_ENABLED);
+  cookiable_schemes.push_back("customstd");
   // Also used in cors_unittest.cc.
   registrar->AddCustomScheme("customstdfetch",
                              CEF_SCHEME_OPTION_STANDARD |
                                  CEF_SCHEME_OPTION_CORS_ENABLED |
                                  CEF_SCHEME_OPTION_FETCH_ENABLED);
+  cookiable_schemes.push_back("customstdfetch");
   // Add a custom non-standard scheme.
   registrar->AddCustomScheme("customnonstd", CEF_SCHEME_OPTION_NONE);
   registrar->AddCustomScheme("customnonstdfetch",

tests/ceftests/test_request.cc

@@ -94,6 +94,40 @@ class RequestClient : public CefURLRequestClient, public State {
   const RequestDoneCallback done_callback_;
 
   IMPLEMENT_REFCOUNTING(RequestClient);
+  DISALLOW_COPY_AND_ASSIGN(RequestClient);
+};
+
+// Implementation that collects all cookies, and optionally deletes them.
+class CookieVisitor : public CefCookieVisitor {
+ public:
+  CookieVisitor(bool deleteCookies, const CookieDoneCallback& callback)
+      : delete_cookies_(deleteCookies), callback_(callback) {
+    DCHECK(!callback_.is_null());
+  }
+
+  ~CookieVisitor() override {
+    CEF_REQUIRE_UI_THREAD();
+    callback_.Run(cookies_);
+  }
+
+  bool Visit(const CefCookie& cookie,
+             int count,
+             int total,
+             bool& deleteCookie) override {
+    CEF_REQUIRE_UI_THREAD();
+    cookies_.push_back(cookie);
+    if (delete_cookies_)
+      deleteCookie = true;
+    return true;
+  }
+
+ private:
+  CookieVector cookies_;
+  bool delete_cookies_;
+  CookieDoneCallback callback_;
+
+  IMPLEMENT_REFCOUNTING(CookieVisitor);
+  DISALLOW_COPY_AND_ASSIGN(CookieVisitor);
 };
 
 }  // namespace
@@ -145,4 +179,24 @@ CefRefPtr<CefResourceHandler> CreateResourceHandler(
       headerMap, stream);
 }
 
+void GetAllCookies(CefRefPtr<CefCookieManager> manager,
+                   bool deleteCookies,
+                   const CookieDoneCallback& callback) {
+  bool result =
+      manager->VisitAllCookies(new CookieVisitor(deleteCookies, callback));
+  DCHECK(result);
+}
+
+// Retrieves URL cookies from |manager| and executes |callback| upon completion.
+// If |deleteCookies| is true the cookies will also be deleted.
+void GetUrlCookies(CefRefPtr<CefCookieManager> manager,
+                   const CefString& url,
+                   bool includeHttpOnly,
+                   bool deleteCookies,
+                   const CookieDoneCallback& callback) {
+  bool result = manager->VisitUrlCookies(
+      url, includeHttpOnly, new CookieVisitor(deleteCookies, callback));
+  DCHECK(result);
+}
+
 }  // namespace test_request

tests/ceftests/test_request.h

@@ -9,6 +9,7 @@
 #include <string>
 
 #include "include/base/cef_bind.h"
+#include "include/cef_cookie.h"
 #include "include/cef_frame.h"
 #include "include/cef_request.h"
 #include "include/cef_request_context.h"
@@ -73,6 +74,23 @@ CefRefPtr<CefResourceHandler> CreateResourceHandler(
     CefRefPtr<CefResponse> response,
     const std::string& response_data);
 
+typedef std::vector<CefCookie> CookieVector;
+typedef base::Callback<void(const CookieVector& cookies)> CookieDoneCallback;
+
+// Retrieves all cookies from |manager| and executes |callback| upon completion.
+// If |deleteCookies| is true the cookies will also be deleted.
+void GetAllCookies(CefRefPtr<CefCookieManager> manager,
+                   bool deleteCookies,
+                   const CookieDoneCallback& callback);
+
+// Retrieves URL cookies from |manager| and executes |callback| upon completion.
+// If |deleteCookies| is true the cookies will also be deleted.
+void GetUrlCookies(CefRefPtr<CefCookieManager> manager,
+                   const CefString& url,
+                   bool includeHttpOnly,
+                   bool deleteCookies,
+                   const CookieDoneCallback& callback);
+
 }  // namespace test_request
 
 #endif  // CEF_TESTS_CEFTESTS_TEST_REQUEST_H_

tests/ceftests/test_server.cc

@@ -247,13 +247,20 @@ class ServerManager {
     // Use a copy in case |observer_list_| is modified during iteration.
     ObserverList list = observer_list_;
 
+    bool handled = false;
+
     ObserverList::const_iterator it = list.begin();
     for (; it != list.end(); ++it) {
       if ((*it)->OnHttpRequest(server, connection_id, client_address,
                                request)) {
+        handled = true;
         break;
       }
     }
+
+    if (!handled) {
+      server->SendHttp500Response(connection_id, "Unhandled request.");
+    }
   }
 
  private:

tests/ceftests/views/test_window_delegate.cc

@@ -68,7 +68,8 @@ void TestWindowDelegate::OnWindowCreated(CefRefPtr<CefWindow> window) {
   EXPECT_FALSE(window->GetWindowIcon().get());
   EXPECT_FALSE(window->GetWindowAppIcon().get());
 
-  EXPECT_TRUE(window->GetDisplay().get());
+  auto display = window->GetDisplay();
+  EXPECT_TRUE(display.get());
 
   // Size will come from GetGetInitialBounds() or GetPreferredSize() on
   // initial Window creation.
@@ -83,9 +84,10 @@ void TestWindowDelegate::OnWindowCreated(CefRefPtr<CefWindow> window) {
     EXPECT_EQ(config_.window_origin.x, client_bounds.x);
     EXPECT_EQ(config_.window_origin.y, client_bounds.y);
   } else {
-    // Default origin is (0,0).
-    EXPECT_EQ(0, client_bounds.x);
-    EXPECT_EQ(0, client_bounds.y);
+    // Default origin is the upper-left corner of the display's work area.
+    auto work_area = display->GetWorkArea();
+    EXPECT_EQ(work_area.x, client_bounds.x);
+    EXPECT_EQ(work_area.y, client_bounds.y);
   }
 
   if (config_.frameless) {