New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 678027 link

Starred by 3 users
Status: Assigned
Owner:
marcuskoehler@chromium.org
Cc:
monachow@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

Captive portal allows incognito even when disallowed by enterprise policy (ChromeOS)

Reported by kba...@eastlinnchristian.org, Jan 3 2017 
UserAgent: Mozilla/5.0 (X11; CrOS x86_64 8872.73.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.103 Safari/537.36
Platform: 8872.73.0 (Official Build) stable-channel peppy

Steps to reproduce the problem:
These steps allow a user to enter incognito mode even when it is disabled by enterprise policy.

1. Restart the Chromebook.
2. Connect to a wireless network with a captive portal.
3. Enter the user password.
4. While the profile is loading, click on the pop-up in the bottom right corner that says "Action required to connect"
5. The captive portal screen will pop up and overlay the main UI which loads in the background.
6. Two-finger tap in the captive portal screen and choose View Page Source.
7. A full browser session/tab opens in incognito mode.

What is the expected behavior?
Incognito should be blocked.

What went wrong?
When using the workaround as described above, the "Disallow incognito mode" policy is ignored.

Did this work before? N/A 

Chrome version: 55.0.2883.103  Channel: stable
OS Version: 8872.73.0
Flash Version: Shockwave Flash 24.0 r0

Comment 1 by krishna...@chromium.org, Jan 3 2017

Cc: monachow@chromium.org

Comment 2 by tnagel@chromium.org, Jan 9 2017

Labels: Enterprise-Triaged
Owner: dskaram@chromium.org
Status: Assigned (was: Unconfirmed)
David for prioritization.

Comment 3 by dskaram@chromium.org, Jan 9 2017

Labels: -Pri-2 Pri-3
Interesting escape. Though given that it only happens with captive portal, not sure we should fix this right not. Will leave it in the tracker to make sure others can find and star so we can keep a hand on the pulse.

Comment 4 by kba...@eastlinnchristian.org, Jan 9 2017 

In our environment (education), students are using it to bypass all school and classroom management tools/extensions. This allows them to get around filtering as well. We use a captive portal because our wireless requires that they get a code from the teacher to go online.

Comment 5 by trapti@chromium.org, Jan 14 2017 

Could not repro this in M57.

Peppy

Columns
M	ChromeOS	Chrome	ARC	Type	Channel
57	9178.0.0	57.0.2978.0	3633241	release	dev

Comment 6 by kba...@eastlinnchristian.org, Jan 19 2017 

I just reproduced this on:

Version 57.0.2970.0 (Official Build) dev (64-bit)
Platform 9150.0.0 (Official Build) dev-channel gnawty
Firmware Google_Gnawty.5216.239.34

and

Version 55.0.2883.105 (64-bit)
Platform 8872.76.0 (Official Build) stable-channel gnawty
Firmware Google_Gnawty.5216.239.34

This model (Acer CB3-111) takes longer to log in and load the profile than the Acer C720 (Peppy). Is it possible to test with Gnawty on your end?

Comment 7 by dskaram@chromium.org, Aug 23

Owner: marcuskoehler@chromium.org

Sign in to add a comment