Chromium Code Reviews

Unified Diff: components/policy/resources/policy_templates.json

Issue 2036983004: Default the PacHttpsUrlStrippingEnabled policy to False for Chrome OS enterprise users. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: one more Created 4 years, 6 months ago
Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index e4ff7bc34e655cae84b919a15cf1d92142828d9d..1ce443150779b2c7ed558edfbf93e956ca1be39a 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -8591,13 +8591,29 @@
},
'example_value': False,
'id': 332,
+ 'default_for_enterprise_users': False,
'caption': '''Enable PAC URL stripping (for https://)''',
'tags': ['system-security'],
'desc': '''Strips privacy and security sensitive parts of https:// URLs before passing them on to PAC scripts (Proxy Auto Config) used by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> during proxy resolution.
- When not set (or set to true) the default behavior is to strip https:// URLs before submitting them to a PAC script. In this manner the PAC script is not able to view data that is ordinarily protected by an encrypted channel (like the path and query).
+ When True, the security feature is enabled, and https:// URLs are
+ stripped before submitting them to a PAC script. In this manner the PAC
+ script is not able to view data that is ordinarily protected by an
+ encrypted channel (such as the URL's path and query).
+
+ When False, the security feature is disabled, and PAC scripts are
+ implicitly granted the ability to view all components of an https://
+ URL. This applies to all PAC scripts regardless of origin (including
+ those fetched over an insecure transport, or discovered insecurely
+ through WPAD).
+
+ This defaults to True (security feature enabled), except for Chrome OS
+ enterprise users for which this currently defaults to False.
+
+ It is recommended that this be set to True. The only reason to set it to
+ False is if it causes a compatibility problem with existing PAC scripts.
- When the policy is set to false, this security feature is disabled, and PAC scripts are granted the ability to view the full URL. This setting applies to all PAC scripts regardless of origin. For instance it applies to PAC scripts obtained through WPAD as well as those fetched over an insecure transport.''',
+ The desire is to remove this override in the future.''',
Andrew T Wilson (Slow) 2016/06/07 12:59:02 I believe this is reasonable as it stands, but ide
},
],
'messages': {
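Review bot: The closing sentence of the new 'desc', "The desire is to remove this override in the future.", does not say which override is meant. It could be the policy as a whole or the 'default_for_enterprise_users': False entry added at the top of this hunk. Please name the thing that will be removed, and if a tracking bug exists, cite it so the exception has an owner. Since the text now states that False exposes full https:// URLs to PAC scripts fetched over an insecure transport or discovered through WPAD, and that Chrome OS enterprise users get False when the policy is unset, the recommendation paragraph could also say directly that administrators of those devices need to set the policy to True explicitly to get stripping. Separately, 'example_value': False in the unchanged context now sits next to text recommending True, so consider whether the example should show the recommended value.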