diff --git net/base/load_flags_list.h net/base/load_flags_list.h index aeb79b46f5d21..bd57e874c1240 100644 --- net/base/load_flags_list.h +++ net/base/load_flags_list.h @@ -115,3 +115,6 @@ LOAD_FLAG(DISABLE_SHARED_DICTIONARY_AFTER_CROSS_ORIGIN_REDIRECT, 1 << 18) // This flag is used to bypass HSTS upgrades. This flag must be set for AIA, // CRL, and OCSP requests in order to prevent circular dependencies. LOAD_FLAG(SHOULD_BYPASS_HSTS, 1 << 19) + +// This load will not send any cookies. For CEF usage. +LOAD_FLAG(DO_NOT_SEND_COOKIES, 1 << 20) diff --git net/url_request/url_request_http_job.cc net/url_request/url_request_http_job.cc index b1ffe26b43448..99266abd58e01 100644 --- net/url_request/url_request_http_job.cc +++ net/url_request/url_request_http_job.cc @@ -2079,7 +2079,8 @@ bool URLRequestHttpJob::ShouldAddCookieHeader() const { // Read cookies whenever allow_credentials() is true, even if the PrivacyMode // is being overridden by NetworkDelegate and will eventually block them, as // blocked cookies still need to be logged in that case. - return request_->context()->cookie_store() && request_->allow_credentials(); + return request_->context()->cookie_store() && request_->allow_credentials() && + !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES); } bool URLRequestHttpJob::ShouldRecordPartitionedCookieUsage() const { diff --git services/network/public/cpp/resource_request.cc services/network/public/cpp/resource_request.cc index 28bf295032c89..e625f00f49603 100644 --- services/network/public/cpp/resource_request.cc +++ services/network/public/cpp/resource_request.cc @@ -324,7 +324,8 @@ bool ResourceRequest::EqualsForTesting(const ResourceRequest& request) const { } bool ResourceRequest::SendsCookies() const { - return credentials_mode == network::mojom::CredentialsMode::kInclude; + return credentials_mode == network::mojom::CredentialsMode::kInclude && + !(load_flags & net::LOAD_DO_NOT_SEND_COOKIES); } bool ResourceRequest::SavesCookies() const {