Commit d011086f authored by rmsousa@chromium.org's avatar rmsousa@chromium.org

Remove third party auth redirect URI domain check.

Talkgadget can redirect the user to other subdomains, and our content script won't run over the intermediate 302 pages, only the final URL - so we can't assume that the actual redirect URI we'll receive will match the one we asked for. Note that there is still an implicit restriction that this must be a talkgadget subdomain (since that's our content script's url glob).

BUG=

Review URL: https://chromiumcodereview.appspot.com/22611008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@216869 0039d316-1c4b-4281-b951-d872f2087c98
parent 801fc11a
......@@ -93,9 +93,9 @@ remoting.ThirdPartyTokenFetcher.prototype.parseRedirectUrl_ =
function(responseUrl) {
var token = '';
var sharedSecret = '';
if (responseUrl &&
responseUrl.search(this.redirectUri_ + '#') == 0) {
var query = responseUrl.substring(this.redirectUri_.length + 1);
if (responseUrl && responseUrl.search('#') >= 0) {
var query = responseUrl.substring(responseUrl.search('#') + 1);
var parts = query.split('&');
/** @type {Object.<string>} */
var queryArgs = {};
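Review bot: The rewritten `if` no longer ties the accepted response to `this.redirectUri_`, so the only thing bounding which page may hand this function a `code`/`access_token` fragment is the content script's URL glob, which lives outside this file and is not mentioned in the code; record that dependency above the `if`, e.g. `// The redirect URI is deliberately not checked: the intermediate 302s can land on other talkgadget subdomains, so any URL matching the content script's glob is accepted here. Widening that glob widens what this code trusts; the 'state' comparison below is the remaining anti-forgery check.` Separately, `responseUrl.search('#')` compiles its argument as a regular expression and is evaluated twice; the literal-match form is `if (responseUrl && responseUrl.indexOf('#') >= 0) {` followed by `var query = responseUrl.substring(responseUrl.indexOf('#') + 1);`. The body of `parseRedirectUrl_` continues past this hunk.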
......@@ -105,8 +105,7 @@ remoting.ThirdPartyTokenFetcher.prototype.parseRedirectUrl_ =
}
// Check that 'state' contains the same XSRF token we sent in the request.
var xsrfToken = queryArgs['state'];
if (xsrfToken == this.xsrfToken_ &&
if ('state' in queryArgs && queryArgs['state'] == this.xsrfToken_ &&
'code' in queryArgs && 'access_token' in queryArgs) {
// Terminology note:
// In the OAuth code/token exchange semantics, 'code' refers to the value
......