Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(470)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/policy/resources/policy_templates.json

Issue 2059673002: Default the PacHttpsUrlStrippingEnabled policy to False for Chrome OS enterprise users. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2743
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/policy/cloud/cloud_policy_browsertest.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 77147b4660e9b773c0bf8a277728382465b3169f..071687bf50e9ad86f6e8fb6b2857a38d57fc5f9d 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -8577,13 +8577,29 @@
},
'example_value': False,
'id': 332,
+ 'default_for_enterprise_users': False,
'caption': '''Enable PAC URL stripping (for https://)''',
'tags': ['system-security'],
'desc': '''Strips privacy and security sensitive parts of https:// URLs before passing them on to PAC scripts (Proxy Auto Config) used by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> during proxy resolution.
- When not set (or set to true) the default behavior is to strip https:// URLs before submitting them to a PAC script. In this manner the PAC script is not able to view data that is ordinarily protected by an encrypted channel (like the path and query).
+ When True, the security feature is enabled, and https:// URLs are
+ stripped before submitting them to a PAC script. In this manner the PAC
+ script is not able to view data that is ordinarily protected by an
+ encrypted channel (such as the URL's path and query).
+
+ When False, the security feature is disabled, and PAC scripts are
+ implicitly granted the ability to view all components of an https://
+ URL. This applies to all PAC scripts regardless of origin (including
+ those fetched over an insecure transport, or discovered insecurely
+ through WPAD).
+
+ This defaults to True (security feature enabled), except for Chrome OS
+ enterprise users for which this currently defaults to False.
+
+ It is recommended that this be set to True. The only reason to set it to
+ False is if it causes a compatibility problem with existing PAC scripts.
- When the policy is set to false, this security feature is disabled, and PAC scripts are granted the ability to view the full URL. This setting applies to all PAC scripts regardless of origin. For instance it applies to PAC scripts obtained through WPAD as well as those fetched over an insecure transport.''',
+ The desire is to remove this override in the future.''',
},
],
'messages': {
« no previous file with comments | « chrome/browser/policy/cloud/cloud_policy_browsertest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698