Allow *.googleapis.com to be used in CSP

extensions/common/csp_validator_unittest.cc

Index: extensions/common/csp_validator_unittest.cc
diff --git a/extensions/common/csp_validator_unittest.cc b/extensions/common/csp_validator_unittest.cc
index 727a0683c4178743f6082ecf0d03b46e6040b027..55f6fe93fe3859f21570a2007b147cc726361c0c 100644
--- a/extensions/common/csp_validator_unittest.cc
+++ b/extensions/common/csp_validator_unittest.cc
@@ -162,6 +162,13 @@ TEST(ExtensionCSPValidator, IsSecure) {
   EXPECT_FALSE(ContentSecurityPolicyIsSecure(
       "default-src 'self' filesystem:http://example.com/XXX",
       Manifest::TYPE_EXTENSION));
+
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' https://*.googleapis.com", Manifest::TYPE_EXTENSION));
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' https://x.googleapis.com", Manifest::TYPE_EXTENSION));
+  EXPECT_TRUE(ContentSecurityPolicyIsSecure(
+      "default-src 'self' https://s3.amazonaws.com", Manifest::TYPE_EXTENSION));

[not at google - send to devlin, 2014/10/24 22:16:52]

Isn't s3.amazonaws.com considered secure either way (before and after your
change)? Can you test something that is affected by the change and/or would have
been a regression?

[robwu, 2014/10/24 22:34:08]

You're right, I've removed the amazonaws.com exception. I mistakenly thought
that being a public suffix meant that it cannot be whitelisted.

 }
 
 TEST(ExtensionCSPValidator, IsSandboxed) {