New issue
Advanced search Search tips

Issue 616396 link

Starred by 3 users
Status: Fixed
Owner:
eroman@chromium.org
Closed: Jun 2016
Cc:
pastarmovj@chromium.org
atwilson@chromium.org
pucchakayala@chromium.org
georgesak@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug

Blocking:
issue 593759



Sign in to add a comment

PAC proxy URL stripping needs enterprise policy controls

Project Member Reported by atwilson@chromium.org, Jun 1 2016 
The PAC proxy URL stripping functionality we just added needs enterprise controls to disable it temporarily to give enterprises time to address compatibility issues.

Eric, happy to help with this with technical guidance, reviews, etc. Let me know how my team can assist.
Project Member

Comment 1 by sheriffbot@chromium.org, Jun 1 2016

Labels: -M-52 MovedFrom-52
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 2 by eroman@chromium.org, Jun 1 2016

Labels: -M-53 -MovedFrom-52 M-52
Status: Assigned (was: Untriaged)
Project Member

Comment 3 by bugdroid1@chromium.org, Jun 3 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9f7ea64cf573101c01ddcf020b87c63089038834

commit 9f7ea64cf573101c01ddcf020b87c63089038834
Author: eroman <eroman@chromium.org>
Date: Fri Jun 03 21:28:29 2016

Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs before sending them to PAC scripts. This applies to all profiles, and all PAC scripts (including those discovered through WPAD, and those delivered over an insecure transport).

The intent of this policy is to help enterprises with a compatibility problem transition.

BUG= 616396 
TBR=isherman@chromium.org

Review-Url: https://codereview.chromium.org/2030193004
Cr-Commit-Position: refs/heads/master@{#397808}

[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/io_thread.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/io_thread.h
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/net/proxy_service_factory.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/net/proxy_service_factory.h
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/policy/policy_browsertest.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/prefs/command_line_pref_store.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/common/pref_names.cc
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/common/pref_names.h
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/components/policy/resources/policy_templates.json
[modify] https://crrev.com/9f7ea64cf573101c01ddcf020b87c63089038834/tools/metrics/histograms/histograms.xml
Project Member

Comment 4 by bugdroid1@chromium.org, Jun 9 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/20733647674a30aca99305ebfcfbabc16a8ef958

commit 20733647674a30aca99305ebfcfbabc16a8ef958
Author: eroman <eroman@chromium.org>
Date: Thu Jun 09 06:30:48 2016

Default the PacHttpsUrlStrippingEnabled policy to False for Chrome OS enterprise users.

(The plan is to control rollout from the server side, out of concern over compatibility.)

BUG= 616396 

Review-Url: https://codereview.chromium.org/2036983004
Cr-Commit-Position: refs/heads/master@{#398797}

[modify] https://crrev.com/20733647674a30aca99305ebfcfbabc16a8ef958/chrome/browser/policy/cloud/cloud_policy_browsertest.cc
[modify] https://crrev.com/20733647674a30aca99305ebfcfbabc16a8ef958/components/policy/resources/policy_templates.json

Comment 5 by eroman@chromium.org, Jun 9 2016

Labels: Merge-Request-52

Comment 6 by eroman@chromium.org, Jun 9 2016 

I am requesting a merge to M52 of both:

  9f7ea64cf573101c01ddcf020b87c63089038834
  20733647674a30aca99305ebfcfbabc16a8ef958

Together these changes comprise the enterprise policy follow-ups as described at https://bugs.chromium.org/p/chromium/issues/detail?id=593759#c65 (compatibility escape-hatch for a security bugfix).

At the time of this writing, 9f7ea64cf573101c01ddcf020b87c63089038834 has been tested on  Canary channel and should meet our merge criteria.

20733647674a30aca99305ebfcfbabc16a8ef958 has not yet gone through a canary cycle -- I can hold off until that happens if desired. However given it is flipping a default for Chrome OS managed enterprise-only code, I don't consider the Canary channel to be a reliable metric to block on for it.

Comment 7 by tin...@google.com, Jun 10 2016

Labels: -Merge-Request-52 Merge-Approved-52 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M52 (branch: 2743)
Project Member

Comment 8 by bugdroid1@chromium.org, Jun 10 2016

Labels: -merge-approved-52 merge-merged-2743
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4874cac8cee7b9735893e678758a53dcede20700

commit 4874cac8cee7b9735893e678758a53dcede20700
Author: Eric Roman <eroman@chromium.org>
Date: Fri Jun 10 07:57:42 2016

Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs before sending them to PAC scripts. This applies to all profiles, and all PAC scripts (including those discovered through WPAD, and those delivered over an insecure transport).

The intent of this policy is to help enterprises with a compatibility problem transition.

BUG= 616396 
TBR=isherman@chromium.org

Review-Url: https://codereview.chromium.org/2030193004
Cr-Commit-Position: refs/heads/master@{#397808}
(cherry picked from commit 9f7ea64cf573101c01ddcf020b87c63089038834)

Review URL: https://codereview.chromium.org/2059513003 .

Cr-Commit-Position: refs/branch-heads/2743@{#309}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/io_thread.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/io_thread.h
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/net/proxy_service_factory.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/net/proxy_service_factory.h
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/policy/policy_browsertest.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/prefs/command_line_pref_store.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/common/pref_names.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/common/pref_names.h
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/components/policy/resources/policy_templates.json
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/tools/metrics/histograms/histograms.xml
Project Member

Comment 9 by bugdroid1@chromium.org, Jun 10 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b2b73fbe19c5d722efa6efd01d3fca58e4561fa6

commit b2b73fbe19c5d722efa6efd01d3fca58e4561fa6
Author: Eric Roman <eroman@chromium.org>
Date: Fri Jun 10 08:05:42 2016

Default the PacHttpsUrlStrippingEnabled policy to False for Chrome OS enterprise users.

(The plan is to control rollout from the server side, out of concern over compatibility.)

BUG= 616396 

Review-Url: https://codereview.chromium.org/2036983004
Cr-Commit-Position: refs/heads/master@{#398797}
(cherry picked from commit 20733647674a30aca99305ebfcfbabc16a8ef958)

Review URL: https://codereview.chromium.org/2059673002 .

Cr-Commit-Position: refs/branch-heads/2743@{#310}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/b2b73fbe19c5d722efa6efd01d3fca58e4561fa6/chrome/browser/policy/cloud/cloud_policy_browsertest.cc
[modify] https://crrev.com/b2b73fbe19c5d722efa6efd01d3fca58e4561fa6/components/policy/resources/policy_templates.json

Comment 10 by eroman@chromium.org, Jun 10 2016

Status: Fixed (was: Assigned)

Comment 11 by eroman@chromium.org, Jun 10 2016

Blocking: 593759
Project Member

Comment 12 by bugdroid1@chromium.org, Jun 15 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4874cac8cee7b9735893e678758a53dcede20700

commit 4874cac8cee7b9735893e678758a53dcede20700
Author: Eric Roman <eroman@chromium.org>
Date: Fri Jun 10 07:57:42 2016

Add a policy for disabling the stripping of PAC URLs.

The default is to strip https:// URLs before submitting them to PAC scripts.

This CL introduces the policy "PacHttpsUrlStrippingEnabled" for disabling this security feature.

Setting the policy to "false" causes Chrome to no longer strip https:// URLs before sending them to PAC scripts. This applies to all profiles, and all PAC scripts (including those discovered through WPAD, and those delivered over an insecure transport).

The intent of this policy is to help enterprises with a compatibility problem transition.

BUG= 616396 
TBR=isherman@chromium.org

Review-Url: https://codereview.chromium.org/2030193004
Cr-Commit-Position: refs/heads/master@{#397808}
(cherry picked from commit 9f7ea64cf573101c01ddcf020b87c63089038834)

Review URL: https://codereview.chromium.org/2059513003 .

Cr-Commit-Position: refs/branch-heads/2743@{#309}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/io_thread.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/io_thread.h
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/net/proxy_service_factory.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/net/proxy_service_factory.h
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/policy/policy_browsertest.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/prefs/command_line_pref_store.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/common/pref_names.cc
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/common/pref_names.h
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/components/policy/resources/policy_templates.json
[modify] https://crrev.com/4874cac8cee7b9735893e678758a53dcede20700/tools/metrics/histograms/histograms.xml
Project Member

Comment 13 by bugdroid1@chromium.org, Jun 15 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b2b73fbe19c5d722efa6efd01d3fca58e4561fa6

commit b2b73fbe19c5d722efa6efd01d3fca58e4561fa6
Author: Eric Roman <eroman@chromium.org>
Date: Fri Jun 10 08:05:42 2016

Default the PacHttpsUrlStrippingEnabled policy to False for Chrome OS enterprise users.

(The plan is to control rollout from the server side, out of concern over compatibility.)

BUG= 616396 

Review-Url: https://codereview.chromium.org/2036983004
Cr-Commit-Position: refs/heads/master@{#398797}
(cherry picked from commit 20733647674a30aca99305ebfcfbabc16a8ef958)

Review URL: https://codereview.chromium.org/2059673002 .

Cr-Commit-Position: refs/branch-heads/2743@{#310}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/b2b73fbe19c5d722efa6efd01d3fca58e4561fa6/chrome/browser/policy/cloud/cloud_policy_browsertest.cc
[modify] https://crrev.com/b2b73fbe19c5d722efa6efd01d3fca58e4561fa6/components/policy/resources/policy_templates.json

Comment 14 by scunning...@chromium.org, Jun 29 2016

Cc: pucchakayala@chromium.org
Labels: OS-All

Sign in to add a comment