Chromium Code Reviews Chromium Code Reviews
Issue 2856133002:
Local NTP: Allow iframes from *.google.com (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/search/local_ntp_source.h" | 5 #include "chrome/browser/search/local_ntp_source.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/feature_list.h" | 9 #include "base/feature_list.h" |
| 10 #include "base/json/json_string_value_serializer.h" | 10 #include "base/json/json_string_value_serializer.h" |
| (...skipping 413 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 424 "' " | 424 "' " |
| 425 "'sha256-yAvSu2Dl9rlQTpQn8P1hcE5GUFQVGbuCMHypwtN6uDg=';"; | 425 "'sha256-yAvSu2Dl9rlQTpQn8P1hcE5GUFQVGbuCMHypwtN6uDg=';"; |
| 426 } | 426 } |
| 427 | 427 |
| 428 std::string LocalNtpSource::GetContentSecurityPolicyChildSrc() const { | 428 std::string LocalNtpSource::GetContentSecurityPolicyChildSrc() const { |
| 429 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 429 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 430 | 430 |
| 431 if (one_google_bar_service_) { | 431 if (one_google_bar_service_) { |
| 432 // Allow embedding of the most visited iframe, as well as the account | 432 // Allow embedding of the most visited iframe, as well as the account |
| 433 // switcher and the notifications dropdown from the One Google Bar. | 433 // switcher and the notifications dropdown from the One Google Bar. |
| 434 // TODO(treib): Figure out a way to also allow staging instances. | 434 return base::StringPrintf("child-src %s https://*.google.com/;", |
| 435 return base::StringPrintf( | 435 chrome::kChromeSearchMostVisitedUrl); |
| 436 "child-src %s https://accounts.google.com/ https://docs.google.com " | |
| 437 "https://notifications.google.com;", | |
| 438 chrome::kChromeSearchMostVisitedUrl); | |
|
fhorschig
2017/05/03 10:41:59
As discussed offline, please point this out in the
| |
| 439 } | 436 } |
| 440 // Allow embedding of the most visited iframe. | 437 // Allow embedding of the most visited iframe. |
| 441 return base::StringPrintf("child-src %s;", | 438 return base::StringPrintf("child-src %s;", |
| 442 chrome::kChromeSearchMostVisitedUrl); | 439 chrome::kChromeSearchMostVisitedUrl); |
| 443 } | 440 } |
| 444 | 441 |
| 445 void LocalNtpSource::OnOneGoogleBarDataChanged() { | 442 void LocalNtpSource::OnOneGoogleBarDataChanged() { |
| 446 const base::Optional<OneGoogleBarData>& data = | 443 const base::Optional<OneGoogleBarData>& data = |
| 447 one_google_bar_service_->one_google_bar_data(); | 444 one_google_bar_service_->one_google_bar_data(); |
| 448 if (data.has_value()) | 445 if (data.has_value()) |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 490 base::Bind(&LocalNtpSource::SetDefaultSearchProviderIsGoogleOnIOThread, | 487 base::Bind(&LocalNtpSource::SetDefaultSearchProviderIsGoogleOnIOThread, |
| 491 weak_ptr_factory_.GetWeakPtr(), is_google)); | 488 weak_ptr_factory_.GetWeakPtr(), is_google)); |
| 492 } | 489 } |
| 493 | 490 |
| 494 void LocalNtpSource::SetDefaultSearchProviderIsGoogleOnIOThread( | 491 void LocalNtpSource::SetDefaultSearchProviderIsGoogleOnIOThread( |
| 495 bool is_google) { | 492 bool is_google) { |
| 496 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 493 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 497 | 494 |
| 498 default_search_provider_is_google_io_thread_ = is_google; | 495 default_search_provider_is_google_io_thread_ = is_google; |
| 499 } | 496 } |
| OLD | NEW |
