diff --git net/base/load_flags_list.h net/base/load_flags_list.h index 0e563dbb253ca..891b2bbc3785c 100644 --- net/base/load_flags_list.h +++ net/base/load_flags_list.h @@ -115,3 +115,6 @@ LOAD_FLAG(DISABLE_SHARED_DICTIONARY_AFTER_CROSS_ORIGIN_REDIRECT, 1 << 18) // This flag is used to bypass HSTS upgrades. This flag must be set for AIA, // CRL, and OCSP requests in order to prevent circular dependencies. LOAD_FLAG(SHOULD_BYPASS_HSTS, 1 << 19) + +// This load will not send any cookies. For CEF usage. +LOAD_FLAG(DO_NOT_SEND_COOKIES, 1 << 20) diff --git net/url_request/url_request_http_job.cc net/url_request/url_request_http_job.cc index 3afc5526490ed..096d171e93edc 100644 --- net/url_request/url_request_http_job.cc +++ net/url_request/url_request_http_job.cc @@ -1890,7 +1890,8 @@ bool URLRequestHttpJob::ShouldAddCookieHeader() const { // Read cookies whenever allow_credentials() is true, even if the PrivacyMode // is being overridden by NetworkDelegate and will eventually block them, as // blocked cookies still need to be logged in that case. - return request_->context()->cookie_store() && request_->allow_credentials(); + return request_->context()->cookie_store() && request_->allow_credentials() && + !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES); } bool URLRequestHttpJob::ShouldRecordPartitionedCookieUsage() const { diff --git services/network/public/cpp/resource_request.cc services/network/public/cpp/resource_request.cc index 39c94526163d0..9e7bdd53e91be 100644 --- services/network/public/cpp/resource_request.cc +++ services/network/public/cpp/resource_request.cc @@ -312,7 +312,8 @@ bool ResourceRequest::EqualsForTesting(const ResourceRequest& request) const { } bool ResourceRequest::SendsCookies() const { - return credentials_mode == network::mojom::CredentialsMode::kInclude; + return credentials_mode == network::mojom::CredentialsMode::kInclude && + !(load_flags & net::LOAD_DO_NOT_SEND_COOKIES); } bool ResourceRequest::SavesCookies() const {