cros: Add a header for gaia auth requests.

chrome/browser/resources/gaia_auth/manifest.json

Index: chrome/browser/resources/gaia_auth/manifest.json
diff --git a/chrome/browser/resources/gaia_auth/manifest.json b/chrome/browser/resources/gaia_auth/manifest.json
index 0606736a580c9d77c212cf7ad3e786f5b4aba655..123e8311fa21c8135a1b38a989e664da2d284518 100644
--- a/chrome/browser/resources/gaia_auth/manifest.json
+++ b/chrome/browser/resources/gaia_auth/manifest.json
@@ -4,7 +4,7 @@
   "name": "GaiaAuthExtension",
   "version": "0.0.1",
   "manifest_version": 2,
-  "content_security_policy": "default-src 'self'; script-src 'self'; frame-src *; style-src 'self' 'unsafe-inline'",
+  "content_security_policy": "default-src 'self'; script-src 'self'; frame-src *; style-src 'self'",
   "description": "GAIA Component Extension",
   "web_accessible_resources": [
     "main.css",
@@ -17,12 +17,15 @@
     "success.js",
     "util.js"
   ],
-  // cookies for getting hash passed back from GAIA on login success
-  // tabs for calling current webui's login. This might not be needed once
-  //     we have extension API
+  "background": {
+    "scripts": ["background.js"]
+  },
+  // background, webRequest and host rules to set additional http header for
+  //     request sent from sub frame.
   "permissions": [
-      "cookies",
-      "tabs",
-      "chrome://oobe/"
+    "background",
+    "webRequest",
+    "webRequestBlocking",
+    "<all_urls>"
   ]
 }