Add a policy for disabling the stripping of PAC URLs.

Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs before sending them to PAC scripts. This applies to all profiles, and all PAC scripts (including those discovered through WPAD, and those delivered over an insecure transport).

The intent of this policy is to help enterprises with a compatibility problem transition.

BUG=616396
TBR=isherman@chromium.org

Committed: https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834
Cr-Commit-Position: refs/heads/master@{#397808}

[eroman, 2016-06-03 06:24:38]

The CQ bit was checked by eroman@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-06-03 06:24:46]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2030193004/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/2030193004/1

[commit-bot: I haz the power, 2016-06-03 06:32:08]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-03 06:32:09]

Dry run: Try jobs failed on following builders:
  chromium_presubmit on tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)

[eroman, 2016-06-03 06:54:17]

Description was changed from

==========
TODO
BUG=
==========

to

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.
==========

[eroman, 2016-06-03 07:02:55]

The CQ bit was checked by eroman@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-06-03 07:03:12]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2030193004/40001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/2030193004/40001

[eroman, 2016-06-03 07:14:07]

Description was changed from

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.
==========

to

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
==========

[eroman, 2016-06-03 07:14:36]

eroman@chromium.org changed reviewers:
+ atwilson@chromium.org

[Andrew T Wilson (Slow), 2016-06-03 08:29:02]

LGTM, although we don't actually test that the policy value makes it down into
the proxy service (as I think you were referring to in your email).

Anyhow, fine to land as-is, since it doesn't look like there's a simple way to
test this, and the code fails safely anyway (if we regress the policy-setting
code, we default to the secure behavior of stripping URLs).

[commit-bot: I haz the power, 2016-06-03 08:36:52]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-06-03 08:36:53]

Dry run: This issue passed the CQ dry run.

[eroman, 2016-06-03 15:13:02]

I am exploring such a test as a follow-up.

[eroman, 2016-06-03 15:21:36]

eroman@chromium.org changed reviewers:
+ battre@chromium.org, isherman@chromium.org, mmenke@chromium.org

[eroman, 2016-06-03 15:21:36]

isherman:
  tools/metrics/histograms/histograms.xml
battre:
  chrome/browser/prefs/command_line_pref_store.cc
mmenke:
  chrome/browser/io_thread.cc
  chrome/browser/io_thread.h
  chrome/browser/profiles/profile_io_data.cc
atwilson:
  chrome/browser/policy/configuration_policy_handler_list_factory.cc
  chrome/browser/policy/policy_browsertest.cc
  components/policy/resources/policy_templates.json

[battre, 2016-06-03 15:36:15]

lgtm

[mmenke, 2016-06-03 15:59:23]

https://codereview.chromium.org/2030193004/diff/40001/chrome/browser/io_thread.h
File chrome/browser/io_thread.h (right):

https://codereview.chromium.org/2030193004/diff/40001/chrome/browser/io_threa...
chrome/browser/io_thread.h:241: // Returns true if the indicated proxy
resolution features are enabled.
Do we document these features anywhere in the source?  We don't in the prefs
file, we don't here, and we don't in ProxyServiceFactory::CreateProxyService. 
Think they should be documented somewhere, and have a pointer to that
documentation here.

[eroman, 2016-06-03 16:49:04]

I am also not sure why the title of the emails keeps showing up as TODO....
(since that is not the title of this CL).

https://codereview.chromium.org/2030193004/diff/40001/chrome/browser/io_thread.h
File chrome/browser/io_thread.h (right):

https://codereview.chromium.org/2030193004/diff/40001/chrome/browser/io_threa...
chrome/browser/io_thread.h:241: // Returns true if the indicated proxy
resolution features are enabled.
On 2016/06/03 15:59:22, mmenke wrote:
> Do we document these features anywhere in the source?  We don't in the prefs
> file, we don't here, and we don't in ProxyServiceFactory::CreateProxyService. 
> Think they should be documented somewhere, and have a pointer to that
> documentation here.

Done.

[mmenke, 2016-06-03 16:50:42]

LGTM

[eroman, 2016-06-03 20:55:34]

Description was changed from

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
==========

to

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
TBR=isherman@chromium.org
==========

[eroman, 2016-06-03 20:57:20]

TBR=isherman for the small histograms change.

[eroman, 2016-06-03 20:57:37]

The CQ bit was checked by eroman@chromium.org

[eroman, 2016-06-03 20:57:38]

The patchset sent to the CQ was uploaded after l-g-t-m from
atwilson@chromium.org, battre@chromium.org
Link to the patchset: https://codereview.chromium.org/2030193004/#ps60001
(title: "Add better documentatiob")

[commit-bot: I haz the power, 2016-06-03 20:58:22]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/2030193004/60001

[Ilya Sherman, 2016-06-03 21:21:56]

histograms.xml lgtm

[commit-bot: I haz the power, 2016-06-03 21:28:44]

Description was changed from

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
TBR=isherman@chromium.org
==========

to

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
TBR=isherman@chromium.org
==========

[commit-bot: I haz the power, 2016-06-03 21:28:46]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2016-06-03 21:30:16]

Description was changed from

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
TBR=isherman@chromium.org
==========

to

==========
Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this
security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs
before sending them to PAC scripts. This applies to all profiles, and all PAC
scripts (including those discovered through WPAD, and those delivered over an
insecure transport).

The intent of this policy is to help enterprises with a compatibility problem
transition.

BUG=616396
TBR=isherman@chromium.org

Committed: https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834
Cr-Commit-Position: refs/heads/master@{#397808}
==========

[commit-bot: I haz the power, 2016-06-03 21:30:18]

Patchset 4 (id:??) landed as
https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834
Cr-Commit-Position: refs/heads/master@{#397808}