--Chrome Identity automated triaging--

This bug is Untriaged and has gone for two weeks without any activity, so it is being moved to Available. Please see https://goo.gl/78kbny for more details. Please remove the Services>SignIn or UI>Browser>Profiles components if this bug isn't related to Chrome Identity.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I'm not able to repro this on Canary (when I click the avatar to change it, it brings up the regular dialogue to upload another photo, pick another photo, etc.)

David, are you still repro'ing this? What version of Chrome were you running? Is this an identity issue or an NTP issue?

I can still repro with Chromium (trunk) on Linux.
I have not tried with Canary.

I think it's a problem with that Web UI and CSP.

Changing the component to NewTabPage, since I don't think this is a Profiles/SignIn issue.

Ramya - is this something for the One Google bar team?

Thanks for filing this - it looks like it's limited to the Local NTP, which uses a special version of the One Google Bar. I've filed b/112048257 to track that internally with the One Google team.

This might have been the cause: https://bugs.chromium.org/p/chromium/issues/detail?id=797461#c43

+kmilka FYI, since you're looking at b/112048257

+karandeepb, since I suspect this may have something to do with https://crrev.com/c/1026996. 

It looks like that change added some necessary security restrictions. Can you help us figure out how to support the getting the profile data without breaking the restrictions for extensions? Thanks!

I'm not sure https://crrev.com/c/1026996 would have affected this - it only hides requests from extensions, and shouldn't affect any other security restrictions.  droger@, if you can still repro on trunk, could you try reverting https://crrev.com/c/1026996 and seeing if that fixes the issue?  (I suspect not, but it's certainly possible!)

I tried checking out the commit landed right before https://crrev.com/c/1026996 and get the same errors, same with Chrome versions 63.0.3203.0 and 65.0.3283.0.

Another possible CSP problem with the OGB, not sure if it should be a separate bug.
I have seen the following errors after signing into Chrome:

[194004:194004:0822/105314.311490:ERROR:CONSOLE(0)] "Access to XMLHttpRequest at 'https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://notifications.google.com/u/0/_/idv2&followup=https://notifications.google.com/u/0/_/idv2&authuser=0' (redirected from 'https://notifications.google.com/u/0/_/idv2') from origin 'https://notifications.google.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.", source: https://notifications.google.com/u/0/widget?sourceid=243&hl=en&origin=chrome-search%3A%2F%2Flocal-ntp&uc=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.bSfaJ330ulQ.O%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo9ETX0ujNe7X7enovCK61wuo61HKQ%2Fm%3D__features__#pid=243&_methods=onError%2ConInfo%2ChideNotificationWidget%2CpostSharedMessage%2Creauth%2CsetNotificationWidgetHeight%2CsetNotificationWidgetSize%2CswitchTo%2CnavigateTo%2CsetNotificationText%2CsetNotificationAnimation%2CgetNotificationText%2CvalidateUser%2C_ready&id=I0_1534927993743&_gfid=I0_1534927993743&parent=chrome-search%3A%2F%2Flocal-ntp&pfname=&rpctoken=16872062 (0)

[194004:194004:0822/105314.315304:ERROR:CONSOLE(0)] "Access to XMLHttpRequest at 'https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://notifications.google.com/u/0/_/NotificationsOgbUi/idv/&followup=https://notifications.google.com/u/0/_/NotificationsOgbUi/idv/&authuser=0' (redirected from 'https://notifications.google.com/u/0/_/NotificationsOgbUi/idv/') from origin 'https://notifications.google.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.", source: https://notifications.google.com/u/0/widget?sourceid=243&hl=en&origin=chrome-search%3A%2F%2Flocal-ntp&uc=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.bSfaJ330ulQ.O%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo9ETX0ujNe7X7enovCK61wuo61HKQ%2Fm%3D__features__#pid=243&_methods=onError%2ConInfo%2ChideNotificationWidget%2CpostSharedMessage%2Creauth%2CsetNotificationWidgetHeight%2CsetNotificationWidgetSize%2CswitchTo%2CnavigateTo%2CsetNotificationText%2CsetNotificationAnimation%2CgetNotificationText%2CvalidateUser%2C_ready&id=I0_1534927993743&_gfid=I0_1534927993743&parent=chrome-search%3A%2F%2Flocal-ntp&pfname=&rpctoken=16872062 (0)

 Issue 880235  has been merged into this issue.

This should be fixed now. Probably move c17 to a new bug if we're still seeing that issue.

droger@: Can you confirm that the issue in comment 17 still occurs for you? (I cannot repro in M69 Stable or M71 Canary). Thanks!