Block all web requests until force enrollment status has been confirmed.

chrome/browser/policy/policy_helpers.cc

Index: chrome/browser/policy/policy_helpers.cc
diff --git a/chrome/browser/policy/policy_helpers.cc b/chrome/browser/policy/policy_helpers.cc
index e9b6983d65117261a446f62a4c3f4f85f3912cba..460be0f7aa02d138b1f515573fb2af1804afc718 100644
--- a/chrome/browser/policy/policy_helpers.cc
+++ b/chrome/browser/policy/policy_helpers.cc
@@ -6,6 +6,11 @@
 
 #include "url/gurl.h"
 
+#if defined(OS_CHROMEOS)
+#include "base/command_line.h"
+#include "chromeos/chromeos_switches.h"
+#endif
+
 #if !defined(OS_CHROMEOS) && !defined(OS_IOS)
 #include "chrome/browser/signin/signin_manager.h"
 #include "google_apis/gaia/gaia_urls.h"
@@ -14,7 +19,18 @@
 namespace policy {
 
 bool OverrideBlacklistForURL(const GURL& url, bool* block) {
-#if defined(OS_CHROMEOS) || defined(OS_IOS)
+#if defined(OS_CHROMEOS)
+  // On ChromeOS browsing is only allowed once OOBE has completed. Therefore all
+  // requests are blocked until this condition is met.
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+      chromeos::switches::kOobeGuestSession)) {

[Mattias Nissler (ping if slow), 2014/03/25 14:20:45]

Is this indentation legit? My gut feeling is +4

+    if (url.SchemeIs("http") || url.SchemeIs("https") || url.SchemeIs("ftp")) {

[Mattias Nissler (ping if slow), 2014/03/25 14:20:45]

So you're still blacklisting stuff? Didn't we decide to white-list?

+      *block = true;
+      return true;
+    }
+  }
+  return false;
+#elif defined(OS_IOS)
   return false;
 #else
   static const char kServiceLoginAuth[] = "/ServiceLoginAuth";