unplugged-system/external/cronet/net/cookies/cookie_util.h

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_COOKIES_COOKIE_UTIL_H_
#define NET_COOKIES_COOKIE_UTIL_H_

#include <string>
#include <vector>

#include "base/functional/callback_forward.h"
#include "base/time/time.h"
#include "net/base/net_export.h"
#include "net/cookies/canonical_cookie.h"
#include "net/cookies/cookie_access_result.h"
#include "net/cookies/cookie_constants.h"
#include "net/cookies/cookie_options.h"
#include "net/cookies/site_for_cookies.h"
#include "net/first_party_sets/first_party_set_metadata.h"
#include "third_party/abseil-cpp/absl/types/optional.h"
#include "url/origin.h"

class GURL;

namespace net {

class IsolationInfo;
class SchemefulSite;
class CookieAccessDelegate;
class CookieInclusionStatus;

namespace cookie_util {

// Constants for use in VLOG
const int kVlogPerCookieMonster = 1;
const int kVlogSetCookies = 7;
const int kVlogGarbageCollection = 5;

// This enum must match the numbering for StorageAccessResult in
// histograms/enums.xml. Do not reorder or remove items, only add new items
// at the end.
enum class StorageAccessResult {
  ACCESS_BLOCKED = 0,
  ACCESS_ALLOWED = 1,
  ACCESS_ALLOWED_STORAGE_ACCESS_GRANT = 2,
  ACCESS_ALLOWED_FORCED = 3,
  ACCESS_ALLOWED_TOP_LEVEL_STORAGE_ACCESS_GRANT = 4,
  kMaxValue = ACCESS_ALLOWED_TOP_LEVEL_STORAGE_ACCESS_GRANT,
};
// Helper to fire telemetry indicating if a given request for storage was
// allowed or not by the provided |result|.
NET_EXPORT void FireStorageAccessHistogram(StorageAccessResult result);

// Returns the effective TLD+1 for a given host. This only makes sense for http
// and https schemes. For other schemes, the host will be returned unchanged
// (minus any leading period).
NET_EXPORT std::string GetEffectiveDomain(const std::string& scheme,
                                          const std::string& host);

// Determine the actual cookie domain based on the domain string passed
// (if any) and the URL from which the cookie came.
// On success returns true, and sets cookie_domain to either a
//   -host cookie domain (ex: "google.com")
//   -domain cookie domain (ex: ".google.com")
// On success, DomainIsHostOnly(url.host()) is DCHECKed. The URL's host must not
// begin with a '.' character.
NET_EXPORT bool GetCookieDomainWithString(const GURL& url,
                                          const std::string& domain_string,
                                          CookieInclusionStatus& status,
                                          std::string* result);

// Returns true if a domain string represents a host-only cookie,
// i.e. it doesn't begin with a leading '.' character.
NET_EXPORT bool DomainIsHostOnly(const std::string& domain_string);

// If |cookie_domain| is nonempty and starts with a "." character, this returns
// the substring of |cookie_domain| without the leading dot. (Note only one
// leading dot is stripped, if there are multiple.) Otherwise it returns
// |cookie_domain|. This is useful for converting from CanonicalCookie's
// representation of a cookie domain to the RFC's notion of a cookie's domain.
NET_EXPORT std::string CookieDomainAsHost(const std::string& cookie_domain);

// Parses the string with the cookie expiration time (very forgivingly).
// Returns the "null" time on failure.
//
// If the expiration date is below or above the platform-specific range
// supported by Time::FromUTCExplodeded(), then this will return Time(1) or
// Time::Max(), respectively.
NET_EXPORT base::Time ParseCookieExpirationTime(const std::string& time_string);

// Get a cookie's URL from it's domain, path, and source scheme.
// The first field can be the combined domain-and-host-only-flag (e.g. the
// string returned by CanonicalCookie::Domain()) as opposed to the domain
// attribute per RFC6265bis. The GURL is constructed after stripping off any
// leading dot.
// Note: the GURL returned by this method is not guaranteed to be valid.
NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain,
                                         const std::string& path,
                                         const std::string& source_scheme);
NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain,
                                         const std::string& path,
                                         bool is_https);
NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain,
                                         const std::string& path,
                                         CookieSourceScheme source_scheme);

// Convenience for converting a cookie origin (domain and https pair) to a URL.
NET_EXPORT GURL CookieOriginToURL(const std::string& domain, bool is_https);

// Returns a URL that could have been the cookie's source.
// Not guaranteed to actually be the URL that set the cookie. Not guaranteed to
// be a valid GURL. Intended as a shim for SetCanonicalCookieAsync calls, where
// a source URL is required but only a source scheme may be available.
NET_EXPORT GURL SimulatedCookieSource(const CanonicalCookie& cookie,
                                      const std::string& source_scheme);

// Provisional evaluation of acceptability of setting secure cookies on
// `source_url` based only on the `source_url`'s scheme and whether it
// is a localhost URL.  If this returns kNonCryptographic, it may be upgraded to
// kTrustworthy by a CookieAccessDelegate when the cookie operation is being
// performed, as the delegate may have access to user settings like manually
// configured test domains which declare additional things trustworthy.
NET_EXPORT CookieAccessScheme ProvisionalAccessScheme(const GURL& source_url);

// |domain| is the output of cookie.Domain() for some cookie. This returns true
// if a |domain| indicates that the cookie can be accessed by |host|.
// See comment on CanonicalCookie::IsDomainMatch().
NET_EXPORT bool IsDomainMatch(const std::string& domain,
                              const std::string& host);

// Returns true if the given |url_path| path-matches |cookie_path|
// as described in section 5.1.4 in RFC 6265. This returns true if |cookie_path|
// and |url_path| are identical, or if |url_path| is a subdirectory of
// |cookie_path|.
NET_EXPORT bool IsOnPath(const std::string& cookie_path,
                         const std::string& url_path);

// A ParsedRequestCookie consists of the key and value of the cookie.
using ParsedRequestCookie = std::pair<std::string, std::string>;
using ParsedRequestCookies = std::vector<ParsedRequestCookie>;

// Assumes that |header_value| is the cookie header value of a HTTP Request
// following the cookie-string schema of RFC 6265, section 4.2.1, and returns
// cookie name/value pairs. If cookie values are presented in double quotes,
// these will appear in |parsed_cookies| as well. The cookie header can be
// written by non-Chromium consumers (such as extensions), so the header may not
// be well-formed.
NET_EXPORT void ParseRequestCookieLine(const std::string& header_value,
                                       ParsedRequestCookies* parsed_cookies);

// Writes all cookies of |parsed_cookies| into a HTTP Request header value
// that belongs to the "Cookie" header. The entries of |parsed_cookies| must
// already be appropriately escaped.
NET_EXPORT std::string SerializeRequestCookieLine(
    const ParsedRequestCookies& parsed_cookies);

// Determines which of the cookies for the request URL can be accessed, with
// respect to the SameSite attribute. This applies to looking up existing
// cookies for HTTP requests. For looking up cookies for non-HTTP APIs (i.e.,
// JavaScript), see ComputeSameSiteContextForScriptGet. For setting new cookies,
// see ComputeSameSiteContextForResponse and ComputeSameSiteContextForScriptSet.
//
// `url_chain` is a non-empty vector of URLs, the last of which is the current
// request URL. It represents the redirect chain of the current request. The
// redirect chain is used to calculate whether there has been a cross-site
// redirect. In order for a context to be deemed strictly same-site, there must
// not have been any cross-site redirects.
//
// `site_for_cookies` is the currently navigated to site that should be
// considered "first-party" for cookies.
//
// `initiator` is the origin ultimately responsible for getting the request
// issued. It may be different from `site_for_cookies`.
//
// absl::nullopt for `initiator` denotes that the navigation was initiated by
// the user directly interacting with the browser UI, e.g. entering a URL
// or selecting a bookmark.
//
// `is_main_frame_navigation` is whether the request is for a navigation that
// targets the main frame or top-level browsing context. These requests may
// sometimes send SameSite=Lax cookies but not SameSite=Strict cookies.
//
// If `force_ignore_site_for_cookies` is specified, all SameSite cookies will be
// attached, i.e. this will return SAME_SITE_STRICT. This flag is set to true
// when the `site_for_cookies` is a chrome:// URL embedding a secure origin,
// among other scenarios.
// This is *not* set when the *initiator* is chrome-extension://,
// which is intentional, since it would be bad to let an extension arbitrarily
// redirect anywhere and bypass SameSite=Strict rules.
//
// See also documentation for corresponding methods on net::URLRequest.
//
// `http_method` is used to enforce the requirement that, in a context that's
// lax same-site but not strict same-site, SameSite=lax cookies be only sent
// when the method is "safe" in the RFC7231 section 4.2.1 sense.
NET_EXPORT CookieOptions::SameSiteCookieContext
ComputeSameSiteContextForRequest(const std::string& http_method,
                                 const std::vector<GURL>& url_chain,
                                 const SiteForCookies& site_for_cookies,
                                 const absl::optional<url::Origin>& initiator,
                                 bool is_main_frame_navigation,
                                 bool force_ignore_site_for_cookies);

// As above, but applying for scripts. `initiator` here should be the initiator
// used when fetching the document.
// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_STRICT.
NET_EXPORT CookieOptions::SameSiteCookieContext
ComputeSameSiteContextForScriptGet(const GURL& url,
                                   const SiteForCookies& site_for_cookies,
                                   const absl::optional<url::Origin>& initiator,
                                   bool force_ignore_site_for_cookies);

// Determines which of the cookies for the request URL can be set from a network
// response, with respect to the SameSite attribute. This will only return
// CROSS_SITE or SAME_SITE_LAX (cookie sets of SameSite=strict cookies are
// permitted in same contexts that sets of SameSite=lax cookies are).
// `url_chain` is a non-empty vector of URLs, the last of which is the current
// request URL. It represents the redirect chain of the current request. The
// redirect chain is used to calculate whether there has been a cross-site
// redirect.
// `is_main_frame_navigation` is whether the request was for a navigation that
// targets the main frame or top-level browsing context. Both SameSite=Lax and
// SameSite=Strict cookies may be set by any main frame navigation.
// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX.
NET_EXPORT CookieOptions::SameSiteCookieContext
ComputeSameSiteContextForResponse(const std::vector<GURL>& url_chain,
                                  const SiteForCookies& site_for_cookies,
                                  const absl::optional<url::Origin>& initiator,
                                  bool is_main_frame_navigation,
                                  bool force_ignore_site_for_cookies);

// Determines which of the cookies for `url` can be set from a script context,
// with respect to the SameSite attribute. This will only return CROSS_SITE or
// SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same
// contexts that sets of SameSite=lax cookies are).
// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX.
NET_EXPORT CookieOptions::SameSiteCookieContext
ComputeSameSiteContextForScriptSet(const GURL& url,
                                   const SiteForCookies& site_for_cookies,
                                   bool force_ignore_site_for_cookies);

// Determines which of the cookies for |url| can be accessed when fetching a
// subresources. This is either CROSS_SITE or SAME_SITE_STRICT,
// since the initiator for a subresource is the frame loading it.
NET_EXPORT CookieOptions::SameSiteCookieContext
// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_STRICT.
ComputeSameSiteContextForSubresource(const GURL& url,
                                     const SiteForCookies& site_for_cookies,
                                     bool force_ignore_site_for_cookies);

// Returns whether the respective feature is enabled.
NET_EXPORT bool IsSchemefulSameSiteEnabled();

// Computes the First-Party Sets metadata, determining which of the cookies for
// `request_site` can be accessed. `isolation_info` must be fully populated.  If
// `force_ignore_top_frame_party` is true, the top frame from `isolation_info`
// will be assumed to be same-party with `request_site`, regardless of what it
// is.
//
// The result may be returned synchronously, or `callback` may be invoked
// asynchronously with the result. The callback will be invoked iff the return
// value is nullopt; i.e. a result will be provided via return value or
// callback, but not both, and not neither.
[[nodiscard]] NET_EXPORT absl::optional<FirstPartySetMetadata>
ComputeFirstPartySetMetadataMaybeAsync(
    const SchemefulSite& request_site,
    const IsolationInfo& isolation_info,
    const CookieAccessDelegate* cookie_access_delegate,
    bool force_ignore_top_frame_party,
    base::OnceCallback<void(FirstPartySetMetadata)> callback);

// Converts a string representing the http request method to its enum
// representation.
NET_EXPORT CookieOptions::SameSiteCookieContext::ContextMetadata::HttpMethod
HttpMethodStringToEnum(const std::string& in);

// Get the SameParty inclusion status. If the cookie is not SameParty, returns
// kNoSamePartyEnforcement; if the cookie is SameParty but does not have a
// valid context, returns kEnforceSamePartyExclude.
NET_EXPORT CookieSamePartyStatus
GetSamePartyStatus(const CanonicalCookie& cookie,
                   const CookieOptions& options,
                   bool same_party_attribute_enabled);

// Takes a CookieAccessResult and returns a bool, returning true if the
// CookieInclusionStatus in CookieAccessResult was set to "include", else
// returning false.
//
// Can be used with SetCanonicalCookie when you don't need to know why a cookie
// was blocked, only whether it was blocked.
NET_EXPORT bool IsCookieAccessResultInclude(
    CookieAccessResult cookie_access_result);

// Turn a CookieAccessResultList into a CookieList by stripping out access
// results (for callers who only care about cookies).
NET_EXPORT CookieList
StripAccessResults(const CookieAccessResultList& cookie_access_result_list);

// Records port related metrics from Omnibox navigations.
NET_EXPORT void RecordCookiePortOmniboxHistograms(const GURL& url);

// Checks invariants that should be upheld w.r.t. the included and excluded
// cookies. Namely: the included cookies should be elements of
// `included_cookies`; excluded cookies should be elements of
// `excluded_cookies`; and included cookies should be in the correct sorted
// order.
NET_EXPORT void DCheckIncludedAndExcludedCookieLists(
    const CookieAccessResultList& included_cookies,
    const CookieAccessResultList& excluded_cookies);

}  // namespace cookie_util

}  // namespace net

#endif  // NET_COOKIES_COOKIE_UTIL_H_
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`// Copyright 2012 The Chromium Authors`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`

			`#ifndef NET_COOKIES_COOKIE_UTIL_H_`
			`#define NET_COOKIES_COOKIE_UTIL_H_`

			`#include <string>`
			`#include <vector>`

			`#include "base/functional/callback_forward.h"`
			`#include "base/time/time.h"`
			`#include "net/base/net_export.h"`
			`#include "net/cookies/canonical_cookie.h"`
			`#include "net/cookies/cookie_access_result.h"`
			`#include "net/cookies/cookie_constants.h"`
			`#include "net/cookies/cookie_options.h"`
			`#include "net/cookies/site_for_cookies.h"`
			`#include "net/first_party_sets/first_party_set_metadata.h"`
			`#include "third_party/abseil-cpp/absl/types/optional.h"`
			`#include "url/origin.h"`

			`class GURL;`

			`namespace net {`

			`class IsolationInfo;`
			`class SchemefulSite;`
			`class CookieAccessDelegate;`
			`class CookieInclusionStatus;`

			`namespace cookie_util {`

			`// Constants for use in VLOG`
			`const int kVlogPerCookieMonster = 1;`
			`const int kVlogSetCookies = 7;`
			`const int kVlogGarbageCollection = 5;`

			`// This enum must match the numbering for StorageAccessResult in`
			`// histograms/enums.xml. Do not reorder or remove items, only add new items`
			`// at the end.`
			`enum class StorageAccessResult {`
			`ACCESS_BLOCKED = 0,`
			`ACCESS_ALLOWED = 1,`
			`ACCESS_ALLOWED_STORAGE_ACCESS_GRANT = 2,`
			`ACCESS_ALLOWED_FORCED = 3,`
			`ACCESS_ALLOWED_TOP_LEVEL_STORAGE_ACCESS_GRANT = 4,`
			`kMaxValue = ACCESS_ALLOWED_TOP_LEVEL_STORAGE_ACCESS_GRANT,`
			`};`
			`// Helper to fire telemetry indicating if a given request for storage was`
			`// allowed or not by the provided \|result\|.`
			`NET_EXPORT void FireStorageAccessHistogram(StorageAccessResult result);`

			`// Returns the effective TLD+1 for a given host. This only makes sense for http`
			`// and https schemes. For other schemes, the host will be returned unchanged`
			`// (minus any leading period).`
			`NET_EXPORT std::string GetEffectiveDomain(const std::string& scheme,`
			`const std::string& host);`

			`// Determine the actual cookie domain based on the domain string passed`
			`// (if any) and the URL from which the cookie came.`
			`// On success returns true, and sets cookie_domain to either a`
			`// -host cookie domain (ex: "google.com")`
			`// -domain cookie domain (ex: ".google.com")`
			`// On success, DomainIsHostOnly(url.host()) is DCHECKed. The URL's host must not`
			`// begin with a '.' character.`
			`NET_EXPORT bool GetCookieDomainWithString(const GURL& url,`
			`const std::string& domain_string,`
			`CookieInclusionStatus& status,`
			`std::string* result);`

			`// Returns true if a domain string represents a host-only cookie,`
			`// i.e. it doesn't begin with a leading '.' character.`
			`NET_EXPORT bool DomainIsHostOnly(const std::string& domain_string);`

			`// If \|cookie_domain\| is nonempty and starts with a "." character, this returns`
			`// the substring of \|cookie_domain\| without the leading dot. (Note only one`
			`// leading dot is stripped, if there are multiple.) Otherwise it returns`
			`// \|cookie_domain\|. This is useful for converting from CanonicalCookie's`
			`// representation of a cookie domain to the RFC's notion of a cookie's domain.`
			`NET_EXPORT std::string CookieDomainAsHost(const std::string& cookie_domain);`

			`// Parses the string with the cookie expiration time (very forgivingly).`
			`// Returns the "null" time on failure.`
			`//`
			`// If the expiration date is below or above the platform-specific range`
			`// supported by Time::FromUTCExplodeded(), then this will return Time(1) or`
			`// Time::Max(), respectively.`
			`NET_EXPORT base::Time ParseCookieExpirationTime(const std::string& time_string);`

			`// Get a cookie's URL from it's domain, path, and source scheme.`
			`// The first field can be the combined domain-and-host-only-flag (e.g. the`
			`// string returned by CanonicalCookie::Domain()) as opposed to the domain`
			`// attribute per RFC6265bis. The GURL is constructed after stripping off any`
			`// leading dot.`
			`// Note: the GURL returned by this method is not guaranteed to be valid.`
			`NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain,`
			`const std::string& path,`
			`const std::string& source_scheme);`
			`NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain,`
			`const std::string& path,`
			`bool is_https);`
			`NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain,`
			`const std::string& path,`
			`CookieSourceScheme source_scheme);`

			`// Convenience for converting a cookie origin (domain and https pair) to a URL.`
			`NET_EXPORT GURL CookieOriginToURL(const std::string& domain, bool is_https);`

			`// Returns a URL that could have been the cookie's source.`
			`// Not guaranteed to actually be the URL that set the cookie. Not guaranteed to`
			`// be a valid GURL. Intended as a shim for SetCanonicalCookieAsync calls, where`
			`// a source URL is required but only a source scheme may be available.`
			`NET_EXPORT GURL SimulatedCookieSource(const CanonicalCookie& cookie,`
			`const std::string& source_scheme);`

			`// Provisional evaluation of acceptability of setting secure cookies on`
			// `source_url` based only on the `source_url`'s scheme and whether it
			`// is a localhost URL. If this returns kNonCryptographic, it may be upgraded to`
			`// kTrustworthy by a CookieAccessDelegate when the cookie operation is being`
			`// performed, as the delegate may have access to user settings like manually`
			`// configured test domains which declare additional things trustworthy.`
			`NET_EXPORT CookieAccessScheme ProvisionalAccessScheme(const GURL& source_url);`

			`// \|domain\| is the output of cookie.Domain() for some cookie. This returns true`
			`// if a \|domain\| indicates that the cookie can be accessed by \|host\|.`
			`// See comment on CanonicalCookie::IsDomainMatch().`
			`NET_EXPORT bool IsDomainMatch(const std::string& domain,`
			`const std::string& host);`

			`// Returns true if the given \|url_path\| path-matches \|cookie_path\|`
			`// as described in section 5.1.4 in RFC 6265. This returns true if \|cookie_path\|`
			`// and \|url_path\| are identical, or if \|url_path\| is a subdirectory of`
			`// \|cookie_path\|.`
			`NET_EXPORT bool IsOnPath(const std::string& cookie_path,`
			`const std::string& url_path);`

			`// A ParsedRequestCookie consists of the key and value of the cookie.`
			`using ParsedRequestCookie = std::pair<std::string, std::string>;`
			`using ParsedRequestCookies = std::vector<ParsedRequestCookie>;`

			`// Assumes that \|header_value\| is the cookie header value of a HTTP Request`
			`// following the cookie-string schema of RFC 6265, section 4.2.1, and returns`
			`// cookie name/value pairs. If cookie values are presented in double quotes,`
			`// these will appear in \|parsed_cookies\| as well. The cookie header can be`
			`// written by non-Chromium consumers (such as extensions), so the header may not`
			`// be well-formed.`
			`NET_EXPORT void ParseRequestCookieLine(const std::string& header_value,`
			`ParsedRequestCookies* parsed_cookies);`

			`// Writes all cookies of \|parsed_cookies\| into a HTTP Request header value`
			`// that belongs to the "Cookie" header. The entries of \|parsed_cookies\| must`
			`// already be appropriately escaped.`
			`NET_EXPORT std::string SerializeRequestCookieLine(`
			`const ParsedRequestCookies& parsed_cookies);`

			`// Determines which of the cookies for the request URL can be accessed, with`
			`// respect to the SameSite attribute. This applies to looking up existing`
			`// cookies for HTTP requests. For looking up cookies for non-HTTP APIs (i.e.,`
			`// JavaScript), see ComputeSameSiteContextForScriptGet. For setting new cookies,`
			`// see ComputeSameSiteContextForResponse and ComputeSameSiteContextForScriptSet.`
			`//`
			// `url_chain` is a non-empty vector of URLs, the last of which is the current
			`// request URL. It represents the redirect chain of the current request. The`
			`// redirect chain is used to calculate whether there has been a cross-site`
			`// redirect. In order for a context to be deemed strictly same-site, there must`
			`// not have been any cross-site redirects.`
			`//`
			// `site_for_cookies` is the currently navigated to site that should be
			`// considered "first-party" for cookies.`
			`//`
			// `initiator` is the origin ultimately responsible for getting the request
			// issued. It may be different from `site_for_cookies`.
			`//`
			// absl::nullopt for `initiator` denotes that the navigation was initiated by
			`// the user directly interacting with the browser UI, e.g. entering a URL`
			`// or selecting a bookmark.`
			`//`
			// `is_main_frame_navigation` is whether the request is for a navigation that
			`// targets the main frame or top-level browsing context. These requests may`
			`// sometimes send SameSite=Lax cookies but not SameSite=Strict cookies.`
			`//`
			// If `force_ignore_site_for_cookies` is specified, all SameSite cookies will be
			`// attached, i.e. this will return SAME_SITE_STRICT. This flag is set to true`
			// when the `site_for_cookies` is a chrome:// URL embedding a secure origin,
			`// among other scenarios.`
			`// This is not set when the initiator is chrome-extension://,`
			`// which is intentional, since it would be bad to let an extension arbitrarily`
			`// redirect anywhere and bypass SameSite=Strict rules.`
			`//`
			`// See also documentation for corresponding methods on net::URLRequest.`
			`//`
			// `http_method` is used to enforce the requirement that, in a context that's
			`// lax same-site but not strict same-site, SameSite=lax cookies be only sent`
			`// when the method is "safe" in the RFC7231 section 4.2.1 sense.`
			`NET_EXPORT CookieOptions::SameSiteCookieContext`
			`ComputeSameSiteContextForRequest(const std::string& http_method,`
			`const std::vector<GURL>& url_chain,`
			`const SiteForCookies& site_for_cookies,`
			`const absl::optional<url::Origin>& initiator,`
			`bool is_main_frame_navigation,`
			`bool force_ignore_site_for_cookies);`

			// As above, but applying for scripts. `initiator` here should be the initiator
			`// used when fetching the document.`
			// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_STRICT.
			`NET_EXPORT CookieOptions::SameSiteCookieContext`
			`ComputeSameSiteContextForScriptGet(const GURL& url,`
			`const SiteForCookies& site_for_cookies,`
			`const absl::optional<url::Origin>& initiator,`
			`bool force_ignore_site_for_cookies);`

			`// Determines which of the cookies for the request URL can be set from a network`
			`// response, with respect to the SameSite attribute. This will only return`
			`// CROSS_SITE or SAME_SITE_LAX (cookie sets of SameSite=strict cookies are`
			`// permitted in same contexts that sets of SameSite=lax cookies are).`
			// `url_chain` is a non-empty vector of URLs, the last of which is the current
			`// request URL. It represents the redirect chain of the current request. The`
			`// redirect chain is used to calculate whether there has been a cross-site`
			`// redirect.`
			// `is_main_frame_navigation` is whether the request was for a navigation that
			`// targets the main frame or top-level browsing context. Both SameSite=Lax and`
			`// SameSite=Strict cookies may be set by any main frame navigation.`
			// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX.
			`NET_EXPORT CookieOptions::SameSiteCookieContext`
			`ComputeSameSiteContextForResponse(const std::vector<GURL>& url_chain,`
			`const SiteForCookies& site_for_cookies,`
			`const absl::optional<url::Origin>& initiator,`
			`bool is_main_frame_navigation,`
			`bool force_ignore_site_for_cookies);`

			// Determines which of the cookies for `url` can be set from a script context,
			`// with respect to the SameSite attribute. This will only return CROSS_SITE or`
			`// SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same`
			`// contexts that sets of SameSite=lax cookies are).`
			// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX.
			`NET_EXPORT CookieOptions::SameSiteCookieContext`
			`ComputeSameSiteContextForScriptSet(const GURL& url,`
			`const SiteForCookies& site_for_cookies,`
			`bool force_ignore_site_for_cookies);`

			`// Determines which of the cookies for \|url\| can be accessed when fetching a`
			`// subresources. This is either CROSS_SITE or SAME_SITE_STRICT,`
			`// since the initiator for a subresource is the frame loading it.`
			`NET_EXPORT CookieOptions::SameSiteCookieContext`
			`// If \|force_ignore_site_for_cookies\| is true, this returns SAME_SITE_STRICT.`
			`ComputeSameSiteContextForSubresource(const GURL& url,`
			`const SiteForCookies& site_for_cookies,`
			`bool force_ignore_site_for_cookies);`

			`// Returns whether the respective feature is enabled.`
			`NET_EXPORT bool IsSchemefulSameSiteEnabled();`

			`// Computes the First-Party Sets metadata, determining which of the cookies for`
			// `request_site` can be accessed. `isolation_info` must be fully populated. If
			// `force_ignore_top_frame_party` is true, the top frame from `isolation_info`
			// will be assumed to be same-party with `request_site`, regardless of what it
			`// is.`
			`//`
			// The result may be returned synchronously, or `callback` may be invoked
			`// asynchronously with the result. The callback will be invoked iff the return`
			`// value is nullopt; i.e. a result will be provided via return value or`
			`// callback, but not both, and not neither.`
			`[[nodiscard]] NET_EXPORT absl::optional<FirstPartySetMetadata>`
			`ComputeFirstPartySetMetadataMaybeAsync(`
			`const SchemefulSite& request_site,`
			`const IsolationInfo& isolation_info,`
			`const CookieAccessDelegate* cookie_access_delegate,`
			`bool force_ignore_top_frame_party,`
			`base::OnceCallback<void(FirstPartySetMetadata)> callback);`

			`// Converts a string representing the http request method to its enum`
			`// representation.`
			`NET_EXPORT CookieOptions::SameSiteCookieContext::ContextMetadata::HttpMethod`
			`HttpMethodStringToEnum(const std::string& in);`

			`// Get the SameParty inclusion status. If the cookie is not SameParty, returns`
			`// kNoSamePartyEnforcement; if the cookie is SameParty but does not have a`
			`// valid context, returns kEnforceSamePartyExclude.`
			`NET_EXPORT CookieSamePartyStatus`
			`GetSamePartyStatus(const CanonicalCookie& cookie,`
			`const CookieOptions& options,`
			`bool same_party_attribute_enabled);`

			`// Takes a CookieAccessResult and returns a bool, returning true if the`
			`// CookieInclusionStatus in CookieAccessResult was set to "include", else`
			`// returning false.`
			`//`
			`// Can be used with SetCanonicalCookie when you don't need to know why a cookie`
			`// was blocked, only whether it was blocked.`
			`NET_EXPORT bool IsCookieAccessResultInclude(`
			`CookieAccessResult cookie_access_result);`

			`// Turn a CookieAccessResultList into a CookieList by stripping out access`
			`// results (for callers who only care about cookies).`
			`NET_EXPORT CookieList`
			`StripAccessResults(const CookieAccessResultList& cookie_access_result_list);`

			`// Records port related metrics from Omnibox navigations.`
			`NET_EXPORT void RecordCookiePortOmniboxHistograms(const GURL& url);`

			`// Checks invariants that should be upheld w.r.t. the included and excluded`
			`// cookies. Namely: the included cookies should be elements of`
			// `included_cookies`; excluded cookies should be elements of
			// `excluded_cookies`; and included cookies should be in the correct sorted
			`// order.`
			`NET_EXPORT void DCheckIncludedAndExcludedCookieLists(`
			`const CookieAccessResultList& included_cookies,`
			`const CookieAccessResultList& excluded_cookies);`

			`} // namespace cookie_util`

			`} // namespace net`

			`#endif // NET_COOKIES_COOKIE_UTIL_H_`