ChromeOS: Implement CaptivePortalAuthenticationIgnoresProxy policy.

components/policy/resources/policy_templates.json

Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 7f159c7c76b6f9208b47f88e76661cbb0e787d9a..36de94bcc2d9296a6b7d99b28798fe32de984ae8 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -123,7 +123,7 @@
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 284
+#   For your editing convenience: highest ID currently used: 285
 #
 # Placeholders:
 #   The following placeholder strings are automatically substituted:
@@ -1245,6 +1245,51 @@
       'label': '''Clear site data on browser shutdown (deprecated)''',
     },
     {
+      'name': 'CaptivePortalAuthenticationIgnoresProxy',

[bartfab (slow), 2014/12/19 12:08:54]

We have a group for proxy settings. Please move this policy in there.

[Alexander Alekseev, 2014/12/22 22:20:11]

I've moved it out of this group, because group description ("if this policy is
not set, all settings in the group are ignored") conflicts with this policy
description.

+      'type': 'int-enum',
+      'schema': {
+        'type': 'integer',
+        'enum': [ 0, 1, 2 ],
+      },
+      'items': [
+        {
+          'name': 'False',
+          'value': 0,
+          'caption': '''Captive portal authernication will use current proxy settings''',

[bartfab (slow), 2014/12/19 12:08:54]

Nit: s/authernication/authentication/

[Alexander Alekseev, 2014/12/22 22:20:12]

Done.

+        },
+        {
+          'name': 'True',
+          'value': 1,
+          'caption': '''Captive portal authernication window will ignore proxy settings''',

[bartfab (slow), 2014/12/19 12:08:54]

Nit: s/authernication/authentication/

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+        },
+        {
+          'name': 'UserDefined',
+          'value': 2,
+          'caption': '''Users will be able to configure this parameter in about:flags''',

[bartfab (slow), 2014/12/19 12:08:54]

about:flags is not meant to be a place where you tweak configuration settings.
It is OK to add flags to control features under development but once a feature
ships, any flags should be removed. Making a flag a permanent control goes
against this rule.

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+        },
+      ],
+      'supported_on': ['chrome_os:41-'],
+      'features': {
+        'can_be_recommended': False,

[bartfab (slow), 2014/12/19 12:08:54]

Your option 2 is semantically very close to a recommended policy. Why not turn
this into a boolean (use proxy / bypass proxy) and allow it to be recommended,
so that the user can override it?

[Alexander Alekseev, 2014/12/22 22:20:11]

As far, as I understand discussion in
https://docs.google.com/a/chromium.org/document/d/1XhwsJU9hoq-Pm73Nwk7w8edM2W...
, we want new behavior (ignore proxy for captive portals) by default for
ordinary users, but old algorithm (enforce proxy) for enrolled devices.

Most of binary policies are actually ternary "Unset/True/False". But this one
doesn't have "Unset" value, so I've created enum here to keep ternary behavior.

+        'dynamic_refresh': True,
+        'per_profile': True,
+      },
+      'example_value': 0,
+      'id': 285,
+      'caption': '''Captive Portal Authentication Ignores Proxy''',

[bartfab (slow), 2014/12/19 12:08:54]

Nit: Please use regular capitalization, not title case.

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+      'desc': '''<ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will bypass any proxy for Captive Portal authentication.
+
+      This policy only takes effect if proxy is configured (either in domain policy, or by user in chrome:settings).

[bartfab (slow), 2014/12/19 12:08:54]

Nit 1: s/in domain/through/
Nit 2: s/by/by the/
Nit 3: s|chrome:settings|chrome://settings|

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+
+      If you enable this setting, captive portal authentication page will be displayed in a separate window ignoring all proxy settings.

[bartfab (slow), 2014/12/19 12:08:54]

Nit 1: s/captive/any captive/
Nit 2: s/page/pages/

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+
+      If you disable this setting, captive portal authentication page will be shown in a (regular) new browser tab.

[bartfab (slow), 2014/12/19 12:08:54]

Nit 1: s/captive/any captive/
Nit 2: s/page/pages/

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+
+      If you set this policy to 'UserDefined', users would be able to configure this parameter in about:flags.

[bartfab (slow), 2014/12/19 12:08:54]

As discussed above, this should be handled via recommended policy and should not
use about:flags as a configuration mechanism.

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+
+      Leaving this policy not set eaquals to 'False' policy value.''',

[bartfab (slow), 2014/12/19 12:08:54]

Nit 1: s/eaquals/equals/
Nit 2: You can fold this into the disabled case above:

"If you disable this setting or leave it unset, ..."

[Alexander Alekseev, 2014/12/22 22:20:11]

Done.

+    },
+    {
       'name': 'Proxy',
       'type': 'group',
       'caption': '''Proxy server''',