xiyuan authored
- Pass gaia auth init params via postMessage instead of URL params;
- Validate message origins on both ends to ensure gaia auth only takes params from intended hosting pages and hosting pages only send params to gaia_auth;
- Add string data storage to GaiaAuthExtensionLoader;
- Use the string data storage to pass frameURL for switchToFullTab;
- Update CSP in manifests to be more restrictive;
- Clean up unused code in util.js;

BUG=453994

Review URL: https://codereview.chromium.org/902493003

Cr-Commit-Position: refs/heads/master@{#314905}
3fb85eb7
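
The two-sided origin check that the commit message describes can be sketched as follows. This is an added example, not code from the commit or from Chromium: the origins, the `initParams` message name, the params object and the fake frame used to run it offline are all constructed assumptions.

```javascript
// Added illustration, not Chromium code. Origins, the 'initParams' message
// name and the params object are constructed for this example.
const HOST_ORIGIN = 'https://hosting-page.example';
const AUTH_ORIGIN = 'https://auth-frame.example';

// Auth-frame side: take init params only from the intended hosting page.
function makeAuthReceiver(allowedHostOrigin) {
  let params = null;
  return {
    onMessage(event) {
      // Exact string comparison; prefix or substring checks can be bypassed.
      if (event.origin !== allowedHostOrigin) return false;
      const d = event.data;
      if (!d || d.method !== 'initParams' || typeof d.params !== 'object' || d.params === null) return false;
      params = Object.freeze({ ...d.params });
      return true;
    },
    getParams: () => params,
  };
}

// Hosting-page side: name the auth origin explicitly, never '*'.
function sendInitParams(frameWindow, authOrigin, params) {
  if (!authOrigin || authOrigin === '*') throw new Error('explicit target origin required');
  frameWindow.postMessage({ method: 'initParams', params }, authOrigin);
}

// Stand-in for contentWindow: delivers only if targetOrigin matches the loaded document's origin.
function makeFakeFrame(loadedOrigin, senderOrigin, receiver) {
  return {
    outcome: 'none',
    postMessage(data, targetOrigin) {
      if (targetOrigin !== loadedOrigin) { this.outcome = 'dropped'; return; }
      this.outcome = receiver.onMessage({ origin: senderOrigin, data }) ? 'accepted' : 'rejected';
    },
  };
}

function demo() {
  const params = { gaiaUrl: 'https://accounts.example/' }; // constructed value
  const auth = makeAuthReceiver(HOST_ORIGIN);
  // 1. A page other than the intended host posts params to the auth frame.
  const a = makeFakeFrame(AUTH_ORIGIN, 'https://other.example', auth);
  sendInitParams(a, AUTH_ORIGIN, params);
  const afterUntrusted = auth.getParams();
  // 2. The frame has navigated elsewhere; the host's params must not reach it.
  const b = makeFakeFrame('https://other.example', HOST_ORIGIN, makeAuthReceiver(HOST_ORIGIN));
  sendInitParams(b, AUTH_ORIGIN, params);
  // 3. Intended host to intended auth frame.
  const c = makeFakeFrame(AUTH_ORIGIN, HOST_ORIGIN, auth);
  sendInitParams(c, AUTH_ORIGIN, params);
  return { untrusted: a.outcome, afterUntrusted, navigated: b.outcome, trusted: c.outcome, gaiaUrl: auth.getParams().gaiaUrl };
}
```

In a real page the receiver would be registered with `window.addEventListener('message', ...)` and the sender would call `postMessage` on the frame's `contentWindow`.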