Unable to reproduce this issue on reported version 64.0.3269.3 and on latest canary 64.0.3279.0 using windows 10 with steps mentione below. Attaching screencast for reference.

1. Navigated to https://github.com/SteamDatabase/BrowserExtension/tree/108115e68c6378fc3cfa842e09aedc0ad508a6ef and added chrome extension
2. Right clicked on extension and selected Steam Database. Now in https://steamdb.info/ page opened devtools Network tab
3. Filtered XHR request and naviagted to cookies tab and observed request entries.

@Reporter: Could you please check the video and let us know if we miss anything in steps. And also could you please let us know where to check Cookie entries. This would help in further triaging of the issue.

Thanks!

Deleted: 788738.mp4 3.4 MB

	788738.mp4 3.4 MB View Download

Oh dang, for some reason my third-party cookie settings got reset, and as a result of that there were no request cookies sent. So there is no bug here.

However this brings another question, is there no way for extension to avoid the third-party cookie setting? Since the permission for third party domain is given, I blindly assumed it wouldn't be affected.

Thank you for providing more feedback. Adding requester "sc00335628@techmahindra.com" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

As per comment#4, removing Needs-Bisect label

@Network team, can anyone please confirm is there any way to avoid the third-party cookie setting in extensions

+tyoshino, do you know anything about this?

Not sure. I just explored the path but it looks extensions are still exempted (CookieSettings::GetCookieSetting()).

Mike, have you made any change to cookie handling for extensions recently?

//net/cookies is undergoing some refactoring as part of servicification which might theoretically have an impact here, +rdsmith@.

+benwells for content settings.

Given #4 is from the OP and says "...there is no bug here.' I don't think there is any need to look for changes to cookie handling, extensions etc.

The question asked now is whether extensions can avoid the third party cookie setting altogether. Off the top of my head I'd say no, but I'm not a cookie expert.

> Given #4 is from the OP and says "...there is no bug here.' I don't think there is any need to look for changes to cookie handling

I did indeed say no bug because I remember Chrome behaving the same way before. However the new question is still valid, as I'd expect permission given during extension install propagate to things like 3rd-party cookies.

> Given #4 is from the OP and says ...

Oops, sorry.

> I tried to use fetch API, but that does not solve the problem:

It's failing since Chrome doesn't allow cross-origin value for the referrer option. The step 15 of https://fetch.spec.whatwg.org/#dom-request now allows such an input but when it was implemented initially, it wasn't. See  bug 694430 .

Do you need a referrer header to test it? If not, please try removing it.

I'm a bit confused by "third party cookie setting". Let me check what you meant by that phrase. It's about setting a third-party cookie to the user agent? Or it's about third-party cookie blocking feature of Chrome?

It's about Chrome's setting to block third-party cookies. Which also blocks cookies from being send to 3rd-party domains when executed from privileged Chrome extension.

This currently can be avoided by manually whitelisting the 3rd-party domain on the domain that executes the request.

Thank you.

OK. You meant the permissions section in manifest.json by the sentence "Since the permission for third party domain is given, I blindly assumed it wouldn't be affected." while you meant the content settings dialog in the Chrome preference by the sentence "manually whitelisting the 3rd-party domain on the domain that executes the request.". Right?

Then, I understood the question. I think there's no way to do that for now. The infrastructure for implementing Same origin policy and CORS, the blink::SecurityOrigin class, is taking into account the patterns specified by the permissions section, but the logic for checking whether to handle cookies is not looking at the patterns.

I'm not sure if it's really the right behavior.

> Right?

Yeah.

You mentioned trying `fetch` without setting the `referrer`, would that work or still have the same problem?

Sorry for the unclearness. Right, it's not about solving the problem being discussed but to avoid getting the unrelated exception about the problem with the referrer option.

There *is* a bug here. 
With 3rd party cookies blocked https://chrome.google.com/webstore/detail/dom-distiller-reading-mod/oiembdaoobijmdmeobkalaehgifealpl does not work anymore.

Chrome 65.0.3325.146 (64-Bit)

(Unassigning myself, marking untriaged in preparation to retriage with folks who will do a better job taking care of cookies than I've been able to)

I'm not sure if it's directly related to the reported issue, as some time has passed, but the behaviour of passing cookies has changed between 70.x and 71.x (today).

Previously cookies were sent to domain but now will not be sent unless "Block third-party cookies" is disabled.

My manifest has permissions to "*://*.newsblur.com/*" [1] and I am sending a GET request to "https://www.newsblur.com/reader/refresh_feeds" [2].

I'm not sure what's changed here between 70.x and 71.x but my extension is broken for now.

[1] https://github.com/JoshSchreuder/newsblur-notifier-plus/blob/master/app/manifest.json#L26

[2] https://github.com/JoshSchreuder/newsblur-notifier-plus/blob/master/app/scripts/newsblur.js#L15-L16

#24, I don't think that's a new issue, and that is what report is talking about.

You have to have the domain allowed in third-party cookies.

#25, I know it seems similar. But this seems like a regression to me.

My extension that worked on Windows 10 70.0.3538.110 (Official Build) (64-bit) is now broken on Windows 10 71.0.3578.80 (Official Build) (64-bit) unless "Block third-party cookies" is disabled. None of my other settings have changed, I just updated Chrome and it broke.

So it seems like something has changed recently, or perhaps some older code made it upstream? I wasn't sure whether or not to raise a new issue as it seemed similar to this one.

[+cduvall] Looks like Chrome 71 is the first version with https://chromium-review.googlesource.com/c/chromium/src/+/1195147/ in it.  Maybe that caused this issue?

(Not the original issue, but the regression mentioned in #24)

Looks like my previous changed missed one bit of extensions logic here: https://cs.chromium.org/chromium/src/components/content_settings/core/browser/cookie_settings.cc?l=126&rcl=43732e6d56e5b5556590891fcbdb3c53a44fad5f

I have a CL up for the fix: http://crrev.com/c/1364696

Great!  Thanks for the quick fix!

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/042756580e2aa3917d3215744f8428d3a4b672b4

commit 042756580e2aa3917d3215744f8428d3a4b672b4
Author: Clark DuVall <cduvall@chromium.org>
Date: Thu Dec 06 19:17:42 2018

Allow third party cookies for requests from chrome-extension schemes

This fixes a regression where requests from extension background pages
were not getting third party cookies. XHR requests from extensions
should be allowed to see cookies from URLs that are listed in the
permissions of the manifest, even if third party cookies are blocked.

A previous change (http://crrev.com/c/1195147) missed this bit of
functionality from here:
https://cs.chromium.org/chromium/src/components/content_settings/core/browser/cookie_settings.cc?l=126&rcl=43732e6d56e5b5556590891fcbdb3c53a44fad5f

Bug: 788738
Change-Id: Ie239f7077772513f54c9d2a9c811774986d24506
Reviewed-on: https://chromium-review.googlesource.com/c/1364696
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#614442}
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/chrome/browser/net/network_context_configuration_browsertest.cc
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/services/network/cookie_manager.cc
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/services/network/cookie_settings.cc
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/services/network/cookie_settings.h
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/services/network/cookie_settings_unittest.cc
[modify] https://crrev.com/042756580e2aa3917d3215744f8428d3a4b672b4/services/network/public/mojom/cookie_manager.mojom

I'll request a merge for this once it has been verified in tomorrow's canary.

Confirmed this is working in the latest canary. Requesting merge for M71 and M72 for patch in comment #32. This is a regression in M71:

Previous behavior:
- Extensions with manifest permissions are able to access third party cookies for URLs in the manifest even when "Block third-party cookies" is turned on in content settings.

M71 behavior:
- Extensions can no longer access cookies when "Block third-party cookies" is on

The fix is relatively small (20 lines of non-test code) and should be low risk.

This bug requires manual review: Request affecting a post-stable build
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Approving merge to M71 branch 3578 and M72 branch 3626 based on comment #34. Pls merge ASAP. Thank you.

 Issue 912139  has been merged into this issue.

The following revision refers to this bug: 
https://chromium.googlesource.com/chromium/src.git/+/50b2366beb64823a31bdd8bab9d1df412cfd58b3

Commit: 50b2366beb64823a31bdd8bab9d1df412cfd58b3
Author: cduvall@chromium.org
Commiter: cduvall@chromium.org
Date: 2018-12-07 18:39:43 +0000 UTC

Allow third party cookies for requests from chrome-extension schemes

This fixes a regression where requests from extension background pages
were not getting third party cookies. XHR requests from extensions
should be allowed to see cookies from URLs that are listed in the
permissions of the manifest, even if third party cookies are blocked.

A previous change (http://crrev.com/c/1195147) missed this bit of
functionality from here:
https://cs.chromium.org/chromium/src/components/content_settings/core/browser/cookie_settings.cc?l=126&rcl=43732e6d56e5b5556590891fcbdb3c53a44fad5f

Bug: 788738
Change-Id: Ie239f7077772513f54c9d2a9c811774986d24506
Reviewed-on: https://chromium-review.googlesource.com/c/1364696
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#614442}(cherry picked from commit 042756580e2aa3917d3215744f8428d3a4b672b4)
Reviewed-on: https://chromium-review.googlesource.com/c/1367907
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3578@{#876}
Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034}

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/50b2366beb64823a31bdd8bab9d1df412cfd58b3

commit 50b2366beb64823a31bdd8bab9d1df412cfd58b3
Author: Clark DuVall <cduvall@chromium.org>
Date: Fri Dec 07 18:39:43 2018

Allow third party cookies for requests from chrome-extension schemes

This fixes a regression where requests from extension background pages
were not getting third party cookies. XHR requests from extensions
should be allowed to see cookies from URLs that are listed in the
permissions of the manifest, even if third party cookies are blocked.

A previous change (http://crrev.com/c/1195147) missed this bit of
functionality from here:
https://cs.chromium.org/chromium/src/components/content_settings/core/browser/cookie_settings.cc?l=126&rcl=43732e6d56e5b5556590891fcbdb3c53a44fad5f

Bug: 788738
Change-Id: Ie239f7077772513f54c9d2a9c811774986d24506
Reviewed-on: https://chromium-review.googlesource.com/c/1364696
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#614442}(cherry picked from commit 042756580e2aa3917d3215744f8428d3a4b672b4)
Reviewed-on: https://chromium-review.googlesource.com/c/1367907
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3578@{#876}
Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034}
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/chrome/browser/net/network_context_configuration_browsertest.cc
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/services/network/cookie_manager.cc
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/services/network/cookie_settings.cc
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/services/network/cookie_settings.h
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/services/network/cookie_settings_unittest.cc
[modify] https://crrev.com/50b2366beb64823a31bdd8bab9d1df412cfd58b3/services/network/public/mojom/cookie_manager.mojom

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8

commit cb5664c53e1f8ce68298178c5f38bd995c6c5ea8
Author: Clark DuVall <cduvall@chromium.org>
Date: Fri Dec 07 18:53:59 2018

Allow third party cookies for requests from chrome-extension schemes

This fixes a regression where requests from extension background pages
were not getting third party cookies. XHR requests from extensions
should be allowed to see cookies from URLs that are listed in the
permissions of the manifest, even if third party cookies are blocked.

A previous change (http://crrev.com/c/1195147) missed this bit of
functionality from here:
https://cs.chromium.org/chromium/src/components/content_settings/core/browser/cookie_settings.cc?l=126&rcl=43732e6d56e5b5556590891fcbdb3c53a44fad5f

Bug: 788738
Change-Id: Ie239f7077772513f54c9d2a9c811774986d24506
Reviewed-on: https://chromium-review.googlesource.com/c/1364696
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#614442}(cherry picked from commit 042756580e2aa3917d3215744f8428d3a4b672b4)
Reviewed-on: https://chromium-review.googlesource.com/c/1368308
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#143}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/chrome/browser/net/network_context_configuration_browsertest.cc
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/services/network/cookie_manager.cc
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/services/network/cookie_settings.cc
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/services/network/cookie_settings.h
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/services/network/cookie_settings_unittest.cc
[modify] https://crrev.com/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8/services/network/public/mojom/cookie_manager.mojom

Don't mark this issue as fixed because that commit fixed a bug unrelated to the original report.

Oops, thought the original report had already fixed, reopening.

cduvall@ are you planning on continuing to work on this? I'm returning you to owner, but feel free to mark as "Available" if you shouldn't be. Thanks!

I'm not planning on continuing work on the original bug reported here, so I'll remove myself as owner.

Also reducing to P2, since that was the priority before the regression.

My issue was resolved in 71.0.3578.98. Thanks for all your help everyone!

The following revision refers to this bug: 
https://chromium.googlesource.com/chromium/src.git/+/cb5664c53e1f8ce68298178c5f38bd995c6c5ea8

Commit: cb5664c53e1f8ce68298178c5f38bd995c6c5ea8
Author: cduvall@chromium.org
Commiter: cduvall@chromium.org
Date: 2018-12-07 18:53:59 +0000 UTC

Allow third party cookies for requests from chrome-extension schemes

This fixes a regression where requests from extension background pages
were not getting third party cookies. XHR requests from extensions
should be allowed to see cookies from URLs that are listed in the
permissions of the manifest, even if third party cookies are blocked.

A previous change (http://crrev.com/c/1195147) missed this bit of
functionality from here:
https://cs.chromium.org/chromium/src/components/content_settings/core/browser/cookie_settings.cc?l=126&rcl=43732e6d56e5b5556590891fcbdb3c53a44fad5f

Bug: 788738
Change-Id: Ie239f7077772513f54c9d2a9c811774986d24506
Reviewed-on: https://chromium-review.googlesource.com/c/1364696
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#614442}(cherry picked from commit 042756580e2aa3917d3215744f8428d3a4b672b4)
Reviewed-on: https://chromium-review.googlesource.com/c/1368308
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#143}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}