Local NTP: Allow iframes from *.google.com

if OneGoogleBarOnLocalNtp is enabled. This achieves two things: - More robust if things change server-side - Allows staging instances BUG=583292 Review-Url: https://codereview.chromium.org/2856133002 Cr-Commit-Position: refs/heads/master@{#468933}

Local NTP: Allow iframes from *.google.com
if OneGoogleBarOnLocalNtp is enabled. This achieves two things: - More robust if things change server-side - Allows staging instances BUG=583292 Review-Url: https://codereview.chromium.org/2856133002 Cr-Commit-Position: refs/heads/master@{#468933}
8758b479 · treib · Commit bot · ada1e2d7 · 8758b479
Commit 8758b479 authored May 03, 2017 by treib Committed by Commit bot May 03, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 5 deletions

chrome/browser/search/local_ntp_source.cc chrome/browser/search/local_ntp_source.cc +2 -5

No files found.
--- a/chrome/browser/search/local_ntp_source.cc
+++ b/chrome/browser/search/local_ntp_source.cc
@@ -431,11 +431,8 @@ std::string LocalNtpSource::GetContentSecurityPolicyChildSrc() const {
  if (one_google_bar_service_) {
    // Allow embedding of the most visited iframe, as well as the account
    // switcher and the notifications dropdown from the One Google Bar.
-    // TODO(treib): Figure out a way to also allow staging instances.
+    return base::StringPrintf("child-src %s https://*.google.com/;",
-    return base::StringPrintf(
+                              chrome::kChromeSearchMostVisitedUrl);
-        "child-src %s https://accounts.google.com/ https://docs.google.com "
-        "https://notifications.google.com;",
-        chrome::kChromeSearchMostVisitedUrl);
  }
  // Allow embedding of the most visited iframe.
  return base::StringPrintf("child-src %s;",