Issue 723658

Starred by 5 users

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature



Downloading files from an internal white listed domain displays a security warning message

Reported by robert.f...@gmail.com, May 17 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36

Steps to reproduce the problem:
1) Whitelist a domain in Chromium’s central management of policies and preferences by adding the domain to the "URLWhiteList" policy
2) Add a computer to the policy above.
3) Place a file such as "rtfViewer.jnlp" on your web server.
4) Download the file "rtfViewer.jnlp" from a Chrome web browser

What is the expected behavior?
The file "rtfViewer.jnlp" should automatically download without displaying the message "This type of file can harm your computer.  Do you want to keep rtfViewer.jnlp anyway?" 

What went wrong?
The following message was displayed: "This type of file can harm your computer.  Do you want to keep rtfViewer.jnlp anyway?"

Did this work before? Yes. In version 55 there was a user configuration setting to disable this warning message.

Chrome version: 58.0.3029.110  Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

Another alternative would be to add a group policy to disable this message similar to how an individual user could disable this warning message in the Chrome settings in version 55.
 
Components: UI>Browser>SafeBrowsing Enterprise UI>Browser>Downloads
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Feature
I absolutely wouldn't expect putting a site on the URLWhitelist to disable the Safe Browsing / Dangerous File Type Download warnings for that domain.

Offering a Group Policy that exempts certain hosts from the warning sounds like a reasonable feature request.
Cc: mad@chromium.org
Yea the URLWhitelist policy isn't intended for this (https://www.chromium.org/administrators/policy-list-3#URLWhitelist)

mad@ -- Would this feature request be covered by your http://crbug.com/683797? Or is that just a general setting that's not URL specific? We have discussed having a "Safe Browsing Whitelist" policy setting to cover cases like this. There's no bug filed for that yet.

Comment 3 by mad@chromium.org, May 17 2017

Issue 683797 is more about blocking than whitelisting. There was a discussion about the whitelisting feature in https://bugs.chromium.org/p/chromium/issues/detail?id=683797#c9, but we agreed that this would be a separate policy from the one 683797 is about. I don't think another bug was created for the whitelist support, unless I just didn't see it go by, so we should use this one here and add a comment about it in 683797.

Labels: Needs-Triage-M58
Cc: nparker@chromium.org blumberg@chromium.org
Labels: SafeBrowsing-Triaged
Ok, I think it would make sense to add an enterprise policy whitelist that would exclude Safe Browsing checks from a set of URL patterns. This would mostly be used for download-protection, but it could apply to other safe browsing checks such as phishing.

blumberg -- How do we verify such a thing would be used/useful to enterprises?

Comment 6 by emaxx@chromium.org, May 21 2017

Cc: -blumberg@chromium.org
Labels: Enterprise-Triaged
Owner: blumberg@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 7 by mad@chromium.org, Jun 14 2017

Cc: -mad@chromium.org
Owner: mad@chromium.org
Status: Started (was: Assigned)
I started implementing some of the stuff described in issue 683797 but not covered by the new download restriction policy.

Cc: blumberg@chromium.org

Comment 9 by mad@chromium.org, Jun 15 2017

This bug will concentrate on the "Disable SB pings for downloads from private networks." part of the features suggested in issue 683797.

The "Override auto-open / danger level -- possibly per origin" part was added as a separate issue since it's a bit trickier, and anyway, it's best to add a single policy per CL, so might as well have separate crbug issues. More details in the new issue 733675.

Comment 10 by bugdroid1@chromium.org, Jul 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/669452f6e42579d09851122adecb6f4a5297c9ea

commit 669452f6e42579d09851122adecb6f4a5297c9ea
Author: mad <mad@chromium.org>
Date: Tue Jul 04 19:39:29 2017

Add a new group policy to disable safe browsing for files downloaded from trusted sources.

TBR=jochen@chromium.org
for trivial change in:
chrome/browser/profiles/profile_impl.cc

BUG= 723658 

Review-Url: https://codereview.chromium.org/2943763002
Cr-Commit-Position: refs/heads/master@{#484149}

[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/BUILD.gn
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/chrome_download_manager_delegate.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/chrome_download_manager_delegate_unittest.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/download_prefs.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/download_prefs.h
[add] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/trusted_sources_manager.cc
[add] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/trusted_sources_manager.h
[add] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/trusted_sources_manager_posix.cc
[add] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/download/trusted_sources_manager_win.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/browser/profiles/profile_impl.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/common/chrome_switches.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/common/chrome_switches.h
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/common/pref_names.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/common/pref_names.h
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/components/policy/core/common/policy_loader_win.cc
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/components/policy/resources/policy_templates.json
[modify] https://crrev.com/669452f6e42579d09851122adecb6f4a5297c9ea/tools/metrics/histograms/enums.xml

mad: Is there more work to be done here? Can this bug be closed? Thanks.

Comment 12 by mad@chromium.org, Oct 6 2017

Status: Fixed (was: Started)
I was keeping it open in case we want to add support for other OS, or if we want/need to add command line support.

But I guess we can close this one and open new issues if we need more functionality at one point... So done...
