"Always allowed to run" overrides enterprise plugin policy |
|||||||||||
Issue descriptionA user can tick "Always allowed to run" for Adobe Flash Player, and it will always run without prompting, even if the enterprise has set a click-to-play policy (DefaultPluginsSetting to 3 = Click to play).
,
Jun 1 2016
,
Jun 2 2016
,
Jun 2 2016
I'll look into this.
,
Jun 7 2016
Under policy settings, "Default plugings settings" the options are:
A. Allow all sites to automatically run plugins
B. Block all plugins
C. Click to play
Under chrome://settings/content, the options under "Plugins" are:
1. Run all plugin content
2. Detect and run important plugin content (recommended)
3. Let me choose when to run plugin content
The mappings are A => 1, {B,C} => 3
Meanwhile, under chrome://plugins there's also "Always allowed to run".
- If "Disable": Flash vanishes regardless of {A,B,C}.
- If unchecked: Flash box appears, {A,B,C} work as:
A => Plays.
B => "Adobe Flash Player is not allowed"
C => "Right-click to play Adobe Flash Player"
- If checked: Flash box appears, {A,B,C} work as:
A => Plays.
B => "Adobe Flash Player is not allowed"
C => Plays. [PROBLEM IS HERE]
,
Jun 7 2016
I agree with #5 I was thinking make policy C "Click to play" force-disable and grey out the checkbox "Always allowed to run" and make it force disabled. I don't think this has any unwanted side effects. If you want I can land this code, since I made some changes to this recently anyway.
,
Jun 7 2016
wfh@: Okay, I'm assigning the bug to you. Thanks!
,
Jun 8 2016
,
Jul 11 2016
,
Jul 14 2016
Issue 625783 has been merged into this issue.
,
Jul 14 2016
Any chance you can make this change soonish so that it ends up in the next release? Maybe even propose it for merging into 53 if this is considered critical enough. Obviously the fixit is now over so it won't make it for it :)
,
Jul 14 2016
Sure, I can do this now*. * by some loose definition of now.
,
Jul 19 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9610a5e34ea06ea1c9067f72224a62658620108c commit 9610a5e34ea06ea1c9067f72224a62658620108c Author: wfh <wfh@chromium.org> Date: Tue Jul 19 02:58:21 2016 Disallow user overrides to enterprise policy for plugins. This CL changes the code in two places: Firstly, in the actual plugin loading logic, in PluginInfoMessageFilter::Context::GetPluginContentSetting there was previously an exception for CONTENT_SETTING_ASK which meant that it could override enterprise policy. Secondly, in the UI, this disables the tick box to "Always allowed to run" on chrome://plugins when enterprise policy is CONTENT_SETTING_ASK (3). BUG= 616218 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation Review-Url: https://codereview.chromium.org/2150323003 Cr-Commit-Position: refs/heads/master@{#406197} [modify] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/plugins/plugin_info_message_filter.cc [modify] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/resources/plugins.html [modify] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/resources/plugins.js [add] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/ui/webui/plugins/OWNERS [modify] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/ui/webui/plugins/plugins.mojom [modify] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/ui/webui/plugins/plugins_handler.cc [modify] https://crrev.com/9610a5e34ea06ea1c9067f72224a62658620108c/chrome/browser/ui/webui/plugins/plugins_handler.h
,
Aug 20 2016
Should the status be changed to Fixed?
,
Sep 15 2016
think so. was never verified by TE so hopefully setting this to fixed will trigger that. this was in 54.0.2801.0 so can be verified in beta 54.0.2840.27 |
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by wfh@chromium.org
, Jun 1 2016Components: Security
Status: Available (was: Untriaged)