BASELINE: Update Chromium to 71.0.3578.93

Change-Id: I6a32086c33670e1b033f8b10e6bf1fd4da1d105d
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>

9 files changed, 142 insertions, 57 deletions

diff --git a/chromium/net/cookies/canonical_cookie.h b/chromium/net/cookies/canonical_cookie.h
index e5d05ff58e9..2352135b471 100644
--- a/chromium/net/cookies/canonical_cookie.h
+++ b/chromium/net/cookies/canonical_cookie.h
@@ -7,6 +7,7 @@
 
 #include <memory>
 #include <string>
+#include <tuple>
 #include <vector>
 
 #include "base/gtest_prod_util.h"
@@ -107,6 +108,12 @@ class NET_EXPORT CanonicalCookie {
             && path_ == ecc.Path());
   }
 
+  // Returns a key such that two cookies with the same UniqueKey() are
+  // guaranteed to be equivalent in the sense of IsEquivalent().
+  std::tuple<std::string, std::string, std::string> UniqueKey() const {
+    return std::make_tuple(name_, domain_, path_);
+  }
+
   // Checks a looser set of equivalency rules than 'IsEquivalent()' in order
   // to support the stricter 'Secure' behaviors specified in
   // https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone#section-3
diff --git a/chromium/net/cookies/cookie_monster.cc b/chromium/net/cookies/cookie_monster.cc
index 40f30163370..069df69cf6f 100644
--- a/chromium/net/cookies/cookie_monster.cc
+++ b/chromium/net/cookies/cookie_monster.cc
@@ -617,9 +617,8 @@ CookieMonster::~CookieMonster() {
 
   // TODO(mmenke): Does it really make sense to run
   // CookieChanged callbacks when the CookieStore is destroyed?
-  for (CookieMap::iterator cookie_it = cookies_.begin();
-       cookie_it != cookies_.end();) {
-    CookieMap::iterator current_cookie_it = cookie_it;
+  for (auto cookie_it = cookies_.begin(); cookie_it != cookies_.end();) {
+    auto current_cookie_it = cookie_it;
     ++cookie_it;
     InternalDeleteCookie(current_cookie_it, false /* sync_to_store */,
                          DELETE_COOKIE_DONT_RECORD);
@@ -681,8 +680,8 @@ void CookieMonster::DeleteAllCreatedInTimeRange(const TimeRange& creation_range,
   DCHECK(thread_checker_.CalledOnValidThread());
 
   uint32_t num_deleted = 0;
-  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end();) {
-    CookieMap::iterator curit = it;
+  for (auto it = cookies_.begin(); it != cookies_.end();) {
+    auto curit = it;
     CanonicalCookie* cc = curit->second.get();
     ++it;
 
@@ -702,8 +701,8 @@ void CookieMonster::DeleteAllCreatedInTimeRange(const TimeRange& creation_range,
 void CookieMonster::DeleteAllMatchingInfo(CookieDeletionInfo delete_info,
                                           DeleteCallback callback) {
   uint32_t num_deleted = 0;
-  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end();) {
-    CookieMap::iterator curit = it;
+  for (auto it = cookies_.begin(); it != cookies_.end();) {
+    auto curit = it;
     CanonicalCookie* cc = curit->second.get();
     ++it;
 
@@ -778,8 +777,8 @@ void CookieMonster::DeleteCookie(const GURL& url,
     matching_cookies.insert(cookie);
   }
 
-  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end();) {
-    CookieMap::iterator curit = it;
+  for (auto it = cookies_.begin(); it != cookies_.end();) {
+    auto curit = it;
     ++it;
     if (matching_cookies.find(curit->second.get()) != matching_cookies.end()) {
       InternalDeleteCookie(curit, true, DELETE_COOKIE_EXPLICIT);
@@ -824,8 +823,8 @@ void CookieMonster::DeleteSessionCookies(DeleteCallback callback) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   uint32_t num_deleted = 0;
-  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end();) {
-    CookieMap::iterator curit = it;
+  for (auto it = cookies_.begin(); it != cookies_.end();) {
+    auto curit = it;
     CanonicalCookie* cc = curit->second.get();
     ++it;
 
@@ -917,8 +916,8 @@ void CookieMonster::StoreLoadedCookies(
 
   for (auto& cookie : cookies) {
     CanonicalCookie* cookie_ptr = cookie.get();
-    CookieMap::iterator inserted = InternalInsertCookie(
-        GetKey(cookie_ptr->Domain()), std::move(cookie), false);
+    auto inserted = InternalInsertCookie(GetKey(cookie_ptr->Domain()),
+                                         std::move(cookie), false);
     const Time cookie_access_time(cookie_ptr->LastAccessDate());
     if (earliest_access_time_.is_null() ||
         cookie_access_time < earliest_access_time_) {
@@ -933,9 +932,9 @@ void CookieMonster::StoreLoadedCookies(
 
   // Any cookies that contain control characters that we have loaded from the
   // persistent store should be deleted. See http://crbug.com/238041.
-  for (CookieItVector::iterator it = cookies_with_control_chars.begin();
+  for (auto it = cookies_with_control_chars.begin();
        it != cookies_with_control_chars.end();) {
-    CookieItVector::iterator curit = it;
+    auto curit = it;
     ++it;
 
     InternalDeleteCookie(*curit, true, DELETE_COOKIE_CONTROL_CHAR);
@@ -984,11 +983,11 @@ void CookieMonster::EnsureCookiesMapIsValid() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   // Iterate through all the of the cookies, grouped by host.
-  CookieMap::iterator prev_range_end = cookies_.begin();
+  auto prev_range_end = cookies_.begin();
   while (prev_range_end != cookies_.end()) {
-    CookieMap::iterator cur_range_begin = prev_range_end;
+    auto cur_range_begin = prev_range_end;
     const std::string key = cur_range_begin->first;  // Keep a copy.
-    CookieMap::iterator cur_range_end = cookies_.upper_bound(key);
+    auto cur_range_end = cookies_.upper_bound(key);
     prev_range_end = cur_range_end;
 
     // Ensure no equivalent cookies for this host.
@@ -1013,7 +1012,7 @@ void CookieMonster::TrimDuplicateCookiesForKey(const std::string& key,
 
   // Iterate through all of the cookies in our range, and insert them into
   // the equivalence map.
-  for (CookieMap::iterator it = begin; it != end; ++it) {
+  for (auto it = begin; it != end; ++it) {
     DCHECK_EQ(key, it->first);
     CanonicalCookie* cookie = it->second.get();
 
@@ -1038,8 +1037,8 @@ void CookieMonster::TrimDuplicateCookiesForKey(const std::string& key,
 
   // Otherwise, delete all the duplicate cookies, both from our in-memory store
   // and from the backing store.
-  for (EquivalenceMap::iterator it = equivalent_cookies.begin();
-       it != equivalent_cookies.end(); ++it) {
+  for (auto it = equivalent_cookies.begin(); it != equivalent_cookies.end();
+       ++it) {
     const CookieSignature& signature = it->first;
     CookieSet& dupes = it->second;
 
@@ -1061,8 +1060,7 @@ void CookieMonster::TrimDuplicateCookiesForKey(const std::string& key,
     // Remove all the cookies identified by |dupes|. It is valid to delete our
     // list of iterators one at a time, since |cookies_| is a multimap (they
     // don't invalidate existing iterators following deletion).
-    for (CookieSet::iterator dupes_it = dupes.begin(); dupes_it != dupes.end();
-         ++dupes_it) {
+    for (auto dupes_it = dupes.begin(); dupes_it != dupes.end(); ++dupes_it) {
       InternalDeleteCookie(*dupes_it, true,
                            DELETE_COOKIE_DUPLICATE_IN_BACKING_STORE);
     }
@@ -1097,7 +1095,7 @@ void CookieMonster::FindCookiesForKey(const std::string& key,
 
   for (CookieMapItPair its = cookies_.equal_range(key);
        its.first != its.second;) {
-    CookieMap::iterator curit = its.first;
+    auto curit = its.first;
     CanonicalCookie* cc = curit->second.get();
     ++its.first;
 
@@ -1137,9 +1135,11 @@ bool CookieMonster::DeleteAnyEquivalentCookie(
 
   histogram_cookie_delete_equivalent_->Add(COOKIE_DELETE_EQUIVALENT_ATTEMPT);
 
+  CookieMap::iterator cookie_it_to_possibly_delete = cookies_.end();
+  CanonicalCookie* cc_skipped_secure = nullptr;
   for (CookieMapItPair its = cookies_.equal_range(key);
        its.first != its.second;) {
-    CookieMap::iterator curit = its.first;
+    auto curit = its.first;
     CanonicalCookie* cc = curit->second.get();
     ++its.first;
 
@@ -1152,6 +1152,7 @@ bool CookieMonster::DeleteAnyEquivalentCookie(
     if (cc->IsSecure() && !source_secure &&
         ecc.IsEquivalentForSecureCookieMatching(*cc)) {
       skipped_secure_cookie = true;
+      cc_skipped_secure = cc;
       histogram_cookie_delete_equivalent_->Add(
           COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE);
       net_log_.AddEvent(
@@ -1176,6 +1177,7 @@ bool CookieMonster::DeleteAnyEquivalentCookie(
       // and be considered equivalent.
       CHECK(!found_equivalent_cookie)
           << "Duplicate equivalent cookies found, cookie store is corrupted.";
+      DCHECK(cookie_it_to_possibly_delete == cookies_.end());
       if (skip_httponly && cc->IsHttpOnly()) {
         skipped_httponly = true;
         net_log_.AddEvent(
@@ -1183,20 +1185,38 @@ bool CookieMonster::DeleteAnyEquivalentCookie(
             base::BindRepeating(&NetLogCookieMonsterCookieRejectedHttponly, cc,
                                 &ecc));
       } else {
-        histogram_cookie_delete_equivalent_->Add(
-            COOKIE_DELETE_EQUIVALENT_FOUND);
-        if (cc->Value() == ecc.Value()) {
-          *creation_date_to_inherit = cc->CreationDate();
-          histogram_cookie_delete_equivalent_->Add(
-              COOKIE_DELETE_EQUIVALENT_FOUND_WITH_SAME_VALUE);
-        }
-        InternalDeleteCookie(curit, true, already_expired
-                                              ? DELETE_COOKIE_EXPIRED_OVERWRITE
-                                              : DELETE_COOKIE_OVERWRITE);
+        cookie_it_to_possibly_delete = curit;
       }
       found_equivalent_cookie = true;
     }
   }
+
+  if (cookie_it_to_possibly_delete != cookies_.end()) {
+    CanonicalCookie* cc_to_possibly_delete =
+        cookie_it_to_possibly_delete->second.get();
+    // If a secure cookie was encountered (and left alone), don't actually
+    // modify any of the pre-existing cookies. Only delete if no secure cookies
+    // were skipped.
+    if (!skipped_secure_cookie) {
+      histogram_cookie_delete_equivalent_->Add(COOKIE_DELETE_EQUIVALENT_FOUND);
+      if (cc_to_possibly_delete->Value() == ecc.Value()) {
+        *creation_date_to_inherit = cc_to_possibly_delete->CreationDate();
+        histogram_cookie_delete_equivalent_->Add(
+            COOKIE_DELETE_EQUIVALENT_FOUND_WITH_SAME_VALUE);
+      }
+      InternalDeleteCookie(cookie_it_to_possibly_delete, true,
+                           already_expired ? DELETE_COOKIE_EXPIRED_OVERWRITE
+                                           : DELETE_COOKIE_OVERWRITE);
+    } else {
+      // If any secure cookie was skipped, preserve the pre-existing cookie.
+      DCHECK(cc_skipped_secure);
+      net_log_.AddEvent(
+          NetLogEventType::COOKIE_STORE_COOKIE_PRESERVED_SKIPPED_SECURE,
+          base::BindRepeating(&NetLogCookieMonsterCookiePreservedSkippedSecure,
+                              cc_skipped_secure, cc_to_possibly_delete, &ecc));
+    }
+  }
+
   return skipped_httponly || skipped_secure_cookie;
 }
 
@@ -1214,8 +1234,7 @@ CookieMonster::CookieMap::iterator CookieMonster::InternalInsertCookie(
       sync_to_store) {
     store_->AddCookie(*cc_ptr);
   }
-  CookieMap::iterator inserted =
-      cookies_.insert(CookieMap::value_type(key, std::move(cc)));
+  auto inserted = cookies_.insert(CookieMap::value_type(key, std::move(cc)));
 
   // See InitializeHistograms() for details.
   int32_t type_sample = cc_ptr->SameSite() != CookieSameSite::NO_RESTRICTION
@@ -1624,7 +1643,7 @@ size_t CookieMonster::GarbageCollectExpired(const Time& current,
 
   int num_deleted = 0;
   for (CookieMap::iterator it = itpair.first, end = itpair.second; it != end;) {
-    CookieMap::iterator curit = it;
+    auto curit = it;
     ++it;
 
     if (curit->second->IsExpired(current)) {
@@ -1645,7 +1664,7 @@ size_t CookieMonster::GarbageCollectDeleteRange(
     CookieItVector::iterator it_end) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
-  for (CookieItVector::iterator it = it_begin; it != it_end; it++) {
+  for (auto it = it_begin; it != it_end; it++) {
     InternalDeleteCookie((*it), true, cause);
   }
   return it_end - it_begin;
@@ -1667,7 +1686,7 @@ size_t CookieMonster::GarbageCollectLeastRecentlyAccessed(
       cookie_its.begin(), cookie_its.end(),
       cookie_its.size() < purge_goal ? purge_goal + 1 : purge_goal);
   // Find boundary to cookies older than safe_date.
-  CookieItVector::iterator global_purge_it = LowerBoundAccessDate(
+  auto global_purge_it = LowerBoundAccessDate(
       cookie_its.begin(), cookie_its.begin() + purge_goal, safe_date);
   // Only delete the old cookies and delete non-secure ones first.
   size_t num_deleted =
@@ -1862,8 +1881,7 @@ void CookieMonster::DoCookieCallbackForHostOrDomain(
     // Checks if the domain key has been loaded.
     std::string key = GetKey(host_or_domain);
     if (keys_loaded_.find(key) == keys_loaded_.end()) {
-      std::map<std::string, base::circular_deque<base::OnceClosure>>::iterator
-          it = tasks_pending_for_key_.find(key);
+      auto it = tasks_pending_for_key_.find(key);
       if (it == tasks_pending_for_key_.end()) {
         store_->LoadCookiesForKey(
             key, base::Bind(&CookieMonster::OnKeyLoaded,
diff --git a/chromium/net/cookies/cookie_monster_change_dispatcher.cc b/chromium/net/cookies/cookie_monster_change_dispatcher.cc
index 2eadab6ca65..a53b1edcaa4 100644
--- a/chromium/net/cookies/cookie_monster_change_dispatcher.cc
+++ b/chromium/net/cookies/cookie_monster_change_dispatcher.cc
@@ -168,7 +168,7 @@ void CookieMonsterChangeDispatcher::DispatchChangeToDomainKey(
     const std::string& domain_key) {
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
 
-  CookieDomainMap::iterator it = cookie_domain_map_.find(domain_key);
+  auto it = cookie_domain_map_.find(domain_key);
   if (it == cookie_domain_map_.end())
     return;
 
@@ -184,7 +184,7 @@ void CookieMonsterChangeDispatcher::DispatchChangeToNameKey(
     const std::string& name_key) {
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
 
-  CookieNameMap::iterator it = cookie_name_map.find(name_key);
+  auto it = cookie_name_map.find(name_key);
   if (it == cookie_name_map.end())
     return;
 
@@ -212,12 +212,12 @@ void CookieMonsterChangeDispatcher::UnlinkSubscription(
     Subscription* subscription) {
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
 
-  CookieDomainMap::iterator cookie_domain_map_iterator =
+  auto cookie_domain_map_iterator =
       cookie_domain_map_.find(subscription->domain_key());
   DCHECK(cookie_domain_map_iterator != cookie_domain_map_.end());
 
   CookieNameMap& cookie_name_map = cookie_domain_map_iterator->second;
-  CookieNameMap::iterator cookie_name_map_iterator =
+  auto cookie_name_map_iterator =
       cookie_name_map.find(subscription->name_key());
   DCHECK(cookie_name_map_iterator != cookie_name_map.end());
 
diff --git a/chromium/net/cookies/cookie_monster_netlog_params.cc b/chromium/net/cookies/cookie_monster_netlog_params.cc
index e4f358c2fdf..b4b17d286f7 100644
--- a/chromium/net/cookies/cookie_monster_netlog_params.cc
+++ b/chromium/net/cookies/cookie_monster_netlog_params.cc
@@ -97,4 +97,23 @@ std::unique_ptr<base::Value> NetLogCookieMonsterCookieRejectedHttponly(
   return dict;
 }
 
+std::unique_ptr<base::Value> NetLogCookieMonsterCookiePreservedSkippedSecure(
+    const CanonicalCookie* skipped_secure,
+    const CanonicalCookie* preserved,
+    const CanonicalCookie* new_cookie,
+    NetLogCaptureMode capture_mode) {
+  if (!capture_mode.include_cookies_and_credentials())
+    return nullptr;
+  std::unique_ptr<base::Value> dict =
+      std::make_unique<base::Value>(base::Value::Type::DICTIONARY);
+  dict->SetKey("name", base::Value(preserved->Name()));
+  dict->SetKey("domain", base::Value(preserved->Domain()));
+  dict->SetKey("path", base::Value(preserved->Path()));
+  dict->SetKey("securecookiedomain", base::Value(skipped_secure->Domain()));
+  dict->SetKey("securecookiepath", base::Value(skipped_secure->Path()));
+  dict->SetKey("preservedvalue", base::Value(preserved->Value()));
+  dict->SetKey("discardedvalue", base::Value(new_cookie->Value()));
+  return dict;
+}
+
 }  // namespace net
diff --git a/chromium/net/cookies/cookie_monster_netlog_params.h b/chromium/net/cookies/cookie_monster_netlog_params.h
index fa8b0571f16..8a5dc1fc2e1 100644
--- a/chromium/net/cookies/cookie_monster_netlog_params.h
+++ b/chromium/net/cookies/cookie_monster_netlog_params.h
@@ -50,6 +50,16 @@ std::unique_ptr<base::Value> NetLogCookieMonsterCookieRejectedHttponly(
     const CanonicalCookie* new_cookie,
     NetLogCaptureMode capture_mode);
 
+// Returns a Value containing NetLog parameters for when, upon an attempted
+// cookie addition which is rejected due to a conflict with a secure cookie, a
+// pre-existing cookie would have been deleted but is instead preserved because
+// the addition failed.
+std::unique_ptr<base::Value> NetLogCookieMonsterCookiePreservedSkippedSecure(
+    const CanonicalCookie* skipped_secure,
+    const CanonicalCookie* preserved,
+    const CanonicalCookie* new_cookie,
+    NetLogCaptureMode capture_mode);
+
 }  // namespace net
 
 #endif  // NET_COOKIES_COOKIE_MONSTER_NETLOG_PARAMS_H_
diff --git a/chromium/net/cookies/cookie_monster_store_test.cc b/chromium/net/cookies/cookie_monster_store_test.cc
index 4c7d7c404bc..652a97681e6 100644
--- a/chromium/net/cookies/cookie_monster_store_test.cc
+++ b/chromium/net/cookies/cookie_monster_store_test.cc
@@ -179,7 +179,7 @@ void MockSimplePersistentCookieStore::UpdateCookieAccessTime(
 void MockSimplePersistentCookieStore::DeleteCookie(
     const CanonicalCookie& cookie) {
   int64_t creation_time = cookie.CreationDate().ToInternalValue();
-  CanonicalCookieMap::iterator it = cookies_.find(creation_time);
+  auto it = cookies_.find(creation_time);
   ASSERT_TRUE(it != cookies_.end());
   cookies_.erase(it);
 }
diff --git a/chromium/net/cookies/cookie_monster_unittest.cc b/chromium/net/cookies/cookie_monster_unittest.cc
index ecedc2285a1..7d12f2e1a63 100644
--- a/chromium/net/cookies/cookie_monster_unittest.cc
+++ b/chromium/net/cookies/cookie_monster_unittest.cc
@@ -348,7 +348,7 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
                            const std::string& domain,
                            const std::string& name) {
     CookieList cookies = this->GetAllCookies(cm);
-    for (CookieList::iterator it = cookies.begin(); it != cookies.end(); ++it)
+    for (auto it = cookies.begin(); it != cookies.end(); ++it)
       if (it->Domain() == domain && it->Name() == name)
         return this->DeleteCanonicalCookie(cm, *it);
     return false;
@@ -838,7 +838,7 @@ class CookieMonsterTestBase : public CookieStoreTest<T> {
   }
 
   bool IsCookieInList(const CanonicalCookie& cookie, const CookieList& list) {
-    for (CookieList::const_iterator it = list.begin(); it != list.end(); ++it) {
+    for (auto it = list.begin(); it != list.end(); ++it) {
       if (it->Name() == cookie.Name() && it->Value() == cookie.Value() &&
           it->Domain() == cookie.Domain() && it->Path() == cookie.Path() &&
           it->CreationDate() == cookie.CreationDate() &&
@@ -1507,7 +1507,7 @@ TEST_F(CookieMonsterTest, TestLastAccess) {
 
   // Getting all cookies for a URL doesn't update the accessed time either.
   CookieList cookies = GetAllCookiesForURL(cm.get(), http_www_foo_.url());
-  CookieList::iterator it = cookies.begin();
+  auto it = cookies.begin();
   ASSERT_TRUE(it != cookies.end());
   EXPECT_EQ(http_www_foo_.host(), it->Domain());
   EXPECT_EQ("A", it->Name());
@@ -1581,7 +1581,7 @@ TEST_F(CookieMonsterTest, GetAllCookiesForURL) {
 
   // Check cookies for url.
   CookieList cookies = GetAllCookiesForURL(cm.get(), http_www_foo_.url());
-  CookieList::iterator it = cookies.begin();
+  auto it = cookies.begin();
 
   ASSERT_TRUE(it != cookies.end());
   EXPECT_EQ(http_www_foo_.host(), it->Domain());
@@ -1639,7 +1639,7 @@ TEST_F(CookieMonsterTest, GetAllCookiesForURLPathMatching) {
       SetCookieWithOptions(cm.get(), http_www_foo_.url(), "E=F;", options));
 
   CookieList cookies = GetAllCookiesForURL(cm.get(), www_foo_foo_.url());
-  CookieList::iterator it = cookies.begin();
+  auto it = cookies.begin();
 
   ASSERT_TRUE(it != cookies.end());
   EXPECT_EQ("A", it->Name());
@@ -1737,7 +1737,7 @@ TEST_F(CookieMonsterTest, DeleteCookieByName) {
   CookieList cookies = GetAllCookies(cm.get());
   size_t expected_size = 4;
   EXPECT_EQ(expected_size, cookies.size());
-  for (CookieList::iterator it = cookies.begin(); it != cookies.end(); ++it) {
+  for (auto it = cookies.begin(); it != cookies.end(); ++it) {
     EXPECT_NE("A1", it->Value());
     EXPECT_NE("A2", it->Value());
   }
@@ -2498,7 +2498,7 @@ TEST_F(CookieMonsterTest, SetAllCookies) {
   CookieList cookies = GetAllCookies(cm.get());
   size_t expected_size = 3;  // "A", "W" and "Y". "U" is gone.
   EXPECT_EQ(expected_size, cookies.size());
-  CookieList::iterator it = cookies.begin();
+  auto it = cookies.begin();
 
   ASSERT_TRUE(it != cookies.end());
   EXPECT_EQ("W", it->Name());
@@ -2889,6 +2889,8 @@ TEST_F(CookieMonsterTest, SetSecureCookies) {
   GURL http_url("http://www.foo.com");
   GURL http_superdomain_url("http://foo.com");
   GURL https_url("https://www.foo.com");
+  GURL https_foo_url("https://www.foo.com/foo");
+  GURL http_foo_url("http://www.foo.com/foo");
 
   // A non-secure cookie can be created from either a URL with a secure or
   // insecure scheme.
@@ -2932,6 +2934,36 @@ TEST_F(CookieMonsterTest, SetSecureCookies) {
   EXPECT_FALSE(SetCookie(cm.get(), http_url, "WITH_PATH=C; path=/my/path"));
   EXPECT_FALSE(SetCookie(cm.get(), http_url, "WITH_PATH=C; path=/my/path/sub"));
 
+  DeleteAll(cm.get());
+
+  // If a secure cookie is set on top of an existing insecure cookie but with a
+  // different path, both are retained.
+  EXPECT_TRUE(SetCookie(cm.get(), http_url, "A=B; path=/foo"));
+  EXPECT_TRUE(SetCookie(cm.get(), https_url, "A=C; Secure; path=/"));
+
+  // Querying from an insecure url gets only the insecure cookie, but querying
+  // from a secure url returns both.
+  EXPECT_EQ("A=B", GetCookies(cm.get(), http_foo_url));
+  EXPECT_THAT(GetCookies(cm.get(), https_foo_url), testing::HasSubstr("A=B"));
+  EXPECT_THAT(GetCookies(cm.get(), https_foo_url), testing::HasSubstr("A=C"));
+
+  // Attempting to set an insecure cookie (from an insecure scheme) that domain-
+  // matches and path-matches the secure cookie fails i.e. the secure cookie is
+  // left alone...
+  EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=D; path=/foo"));
+  EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=D; path=/"));
+  EXPECT_THAT(GetCookies(cm.get(), https_foo_url), testing::HasSubstr("A=C"));
+
+  // ...but the original insecure cookie is still retained.
+  EXPECT_THAT(GetCookies(cm.get(), https_foo_url), testing::HasSubstr("A=B"));
+  EXPECT_THAT(GetCookies(cm.get(), https_foo_url),
+              testing::Not(testing::HasSubstr("A=D")));
+
+  // Deleting the secure cookie leaves only the original insecure cookie.
+  EXPECT_TRUE(SetCookie(cm.get(), https_url,
+                        "A=C; path=/; Expires=Thu, 01-Jan-1970 00:00:01 GMT"));
+  EXPECT_EQ("A=B", GetCookies(cm.get(), https_foo_url));
+
   // If a non-secure cookie is created from a URL with an insecure scheme, and
   // a secure cookie with the same name already exists, if the domain strings
   // domain-match, do not update the cookie.
diff --git a/chromium/net/cookies/cookie_util.cc b/chromium/net/cookies/cookie_util.cc
index 7fe5300270e..f2888789978 100644
--- a/chromium/net/cookies/cookie_util.cc
+++ b/chromium/net/cookies/cookie_util.cc
@@ -349,8 +349,7 @@ void ParseRequestCookieLine(const std::string& header_value,
 std::string SerializeRequestCookieLine(
     const ParsedRequestCookies& parsed_cookies) {
   std::string buffer;
-  for (ParsedRequestCookies::const_iterator i = parsed_cookies.begin();
-       i != parsed_cookies.end(); ++i) {
+  for (auto i = parsed_cookies.begin(); i != parsed_cookies.end(); ++i) {
     if (!buffer.empty())
       buffer.append("; ");
     buffer.append(i->first.begin(), i->first.end());
diff --git a/chromium/net/cookies/parsed_cookie.cc b/chromium/net/cookies/parsed_cookie.cc
index 701d173d2e9..9cc4c828dc4 100644
--- a/chromium/net/cookies/parsed_cookie.cc
+++ b/chromium/net/cookies/parsed_cookie.cc
@@ -217,7 +217,7 @@ bool ParsedCookie::SetPriority(const std::string& priority) {
 
 std::string ParsedCookie::ToCookieLine() const {
   std::string out;
-  for (PairList::const_iterator it = pairs_.begin(); it != pairs_.end(); ++it) {
+  for (auto it = pairs_.begin(); it != pairs_.end(); ++it) {
     if (!out.empty())
       out.append("; ");
     out.append(it->first);