Fix iframe security policy directives for viewing isolate content

Fix iframe security policy directives for viewing isolate content
 - include 'self' in child-src csp for isolate BrowserHandler
 - whitelist google-analytics for img-src in component/auth

BUG=689723
Review-Url: https://codereview.chromium.org/2681293003
Committed: https://github.com/luci/luci-py/commit/1572861aa9c53a547b8372602c58abd49aa62352

[jonesmi, 2017-02-09 16:03:53]

Description was changed from

==========
Fix iframe security policy directive with child-src (use 'self')

BUG=689723

Bug: 689723
==========

to

==========
Fix iframe security policy directive with child-src (use 'self')

BUG=689723
==========

[jonesmi, 2017-02-09 16:03:53]

jonesmi@google.com changed reviewers:
+ maruel@chromium.org

[jonesmi, 2017-02-09 16:04:09]

https://codereview.chromium.org/2681293003/diff/1/appengine/components/compon...
File appengine/components/components/auth/handler.py (left):

https://codereview.chromium.org/2681293003/diff/1/appengine/components/compon...
appengine/components/components/auth/handler.py:378:
'https://accounts.google.com',  # Google OAuth2 library opens iframes
assume we want to keep this line? wasn't sure

[M-A Ruel, 2017-02-09 21:37:09]

Only one small nit

https://codereview.chromium.org/2681293003/diff/80001/appengine/isolate/handl...
File appengine/isolate/handlers_frontend.py (left):

https://codereview.chromium.org/2681293003/diff/80001/appengine/isolate/handl...
appengine/isolate/handlers_frontend.py:283: 
add back, we keep two empty lines between file level symbols.

[jonesmi, 2017-02-09 21:41:26]

Description was changed from

==========
Fix iframe security policy directive with child-src (use 'self')

BUG=689723
==========

to

==========
Fix iframe security policy directives for viewing isolate content
 - include 'self' in child-src csp for isolate BrowserHandler
 - whitelist google-analytics for img-src in component/auth

BUG=689723
==========

[jonesmi, 2017-02-09 21:49:04]

https://codereview.chromium.org/2681293003/diff/80001/appengine/isolate/handl...
File appengine/isolate/handlers_frontend.py (left):

https://codereview.chromium.org/2681293003/diff/80001/appengine/isolate/handl...
appengine/isolate/handlers_frontend.py:283: 
On 2017/02/09 21:37:09, M-A Ruel wrote:
> add back, we keep two empty lines between file level symbols.

Done.

[M-A Ruel, 2017-02-09 21:49:26]

The CQ bit was checked by maruel@chromium.org

[M-A Ruel, 2017-02-09 21:49:27]

lgtm

[commit-bot: I haz the power, 2017-02-09 21:49:31]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-09 21:52:27]

CQ is committing da patch.

Bot data: {"patchset_id": 100001, "attempt_start_ts": 1486676966629990,
"parent_rev": "aff4c10e84ede1b53c1980ca19fb369752288360", "commit_rev":
"1572861aa9c53a547b8372602c58abd49aa62352"}

[commit-bot: I haz the power, 2017-02-09 21:52:30]

Description was changed from

==========
Fix iframe security policy directives for viewing isolate content
 - include 'self' in child-src csp for isolate BrowserHandler
 - whitelist google-analytics for img-src in component/auth

BUG=689723
==========

to

==========
Fix iframe security policy directives for viewing isolate content
 - include 'self' in child-src csp for isolate BrowserHandler
 - whitelist google-analytics for img-src in component/auth

BUG=689723

Review-Url: https://codereview.chromium.org/2681293003
Committed:
https://github.com/luci/luci-py/commit/1572861aa9c53a547b8372602c58abd49aa62352
==========

[commit-bot: I haz the power, 2017-02-09 21:52:31]

Committed patchset #6 (id:100001) as
https://github.com/luci/luci-py/commit/1572861aa9c53a547b8372602c58abd49aa62352

[jonesmi, 2017-02-14 23:04:29]

Patchset #7 (id:120001) has been deleted