Index: chrome/browser/search/local_ntp_source.cc |
diff --git a/chrome/browser/search/local_ntp_source.cc b/chrome/browser/search/local_ntp_source.cc |
index 82c7d3a7dcf71789797d82f3adfc3815098ed574..85821bc805245b8f04dc42d5d69acd09c9aacbcf 100644 |
--- a/chrome/browser/search/local_ntp_source.cc |
+++ b/chrome/browser/search/local_ntp_source.cc |
@@ -431,11 +431,8 @@ std::string LocalNtpSource::GetContentSecurityPolicyChildSrc() const { |
if (one_google_bar_service_) { |
// Allow embedding of the most visited iframe, as well as the account |
// switcher and the notifications dropdown from the One Google Bar. |
- // TODO(treib): Figure out a way to also allow staging instances. |
- return base::StringPrintf( |
- "child-src %s https://accounts.google.com/ https://docs.google.com " |
- "https://notifications.google.com;", |
- chrome::kChromeSearchMostVisitedUrl); |
fhorschig
2017/05/03 10:41:59
As discussed offline, please point this out in the
|
+ return base::StringPrintf("child-src %s https://*.google.com/;", |
+ chrome::kChromeSearchMostVisitedUrl); |
} |
// Allow embedding of the most visited iframe. |
return base::StringPrintf("child-src %s;", |