laforge, unless you find a way to add this option into the consumer version of Chrome, that will not help the very company that prompted you to file this issue in the first place.  That company provides a full education to children via a web portal.  The computers used are in each home and are not part of any Enterprise.

What would help this company is if the domain and cross-domain are BOTH added into the 'allow' list by the end user -- that flash works.

We are experiencing the same problem, in ticket no. 13449698 with G Suite support they told me that it would be unlikely to be developed because Flash is being deprecated in Chrome.  However, until that deprecation actually happens, we really need a way to fully whitelist sites for Enterprise deployments, whether it affects Laforge's client or not.  

Hey Raymes,

Could you take a look at this?

slight clarification after discussion w/laforge :

-if this policy is enabled && Flash is enabled for the site (either by policy or by user exception), small form / cross origin Flash content is allowed to play w/o prompt.

Can you tell me which policy are you referring to?  The only way we've seen to get small flash content to run is to have it whitelisted and then have the user allow it via prompt, but we havent found a way to remove the prompt for all users.

The intent of this issue is to explore creating such a policy setting.  No such setting exists today.

this isn't a currently defined policy - it is something we are looking to add.

Please add this policy ASAP (preferably as a whitelisted-per domain policy akin to the current Allow Plugins policy).

Use case: McGraw-Hill Education's ConnectED online textbook software uses this all over the place. Example screenshot attached. There are two flash elements on the page: the video (which will play), and a tiny bit attached to the speaker icon at the top (which will not play), and a blocked popup asking for Flash permission. We've already whitelisted this domain (thus the video playing).

The embed that fails:
<embed src="/connected/static/connected/1500453330/flash/AudioPlayIcon.swf" id="visualVocab-definition-audioPlayer" name="visualVocab-definition-audioPlayer" width="1" height="1" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" quality="high" allowscriptaccess="sameDomain" base="/connected/static/connected/1500453330/flash" flashvars="contentType=audio&amp;url=https://catalog.mcgraw-hill.com/secure/NQG1CGBLRMHMZ2J7SGV0QPS0BQ;s=75E788D207048F2FBA5D1032D6EECCF4&amp;autoStart=false&amp;objectId=visualVocab-definition-audioPlayerTrigger-6QFPXT4QP1BDCCXJEJKR7QQV9Q">

Deleted: 2017-09-21 10_46_48-Words to Know.png 407 KB

	2017-09-21 10_46_48-Words to Know.png 407 KB View Download

Here's a CL that's likely relevant to this implementation (sans the enterprise policy setting).

https://chromium-review.googlesource.com/c/chromium/src/+/580363

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19190738b289318904bbe7f599de472a3225f90c

commit 19190738b289318904bbe7f599de472a3225f90c
Author: Bernhard Bauer <bauerb@chromium.org>
Date: Thu Sep 28 09:03:33 2017

Add a policy to run all Flash content when the content setting is ALLOW.

Bug:  760201 
Change-Id: Ic844e6cb152fbe83f618422542fd16f0737d7089
Reviewed-on: https://chromium-review.googlesource.com/681255
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Reviewed-by: Trent Apted <tapted@chromium.org>
Commit-Queue: Bernhard Bauer <bauerb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504948}
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/plugins/plugin_info_message_filter.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/plugins/plugin_info_message_filter.h
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/plugins/plugin_info_message_filter_unittest.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/plugins/plugin_power_saver_browsertest.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/prefs/browser_prefs.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/browser/ui/browser_ui_prefs.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/common/pref_names.cc
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/common/pref_names.h
[add] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/test/data/plugin_power_saver/run_all_flash.html
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/components/policy/resources/policy_templates.json
[modify] https://crrev.com/19190738b289318904bbe7f599de472a3225f90c/tools/metrics/histograms/enums.xml

Reopened, because the following behavior was observed:

1. Two user policy parameters are set:

DefaultPluginsSetting=1
RunAllFlashInAllowMode=true

2. When attempted to open some Flash content need to allow to Run Flash (see attached screenshots).

When the content setting is ALLOW, there is no different behavior of small Flash content on the test web-page ultrasounds.com in both cases of the RunAllFlashInAllowMode policy (true or false).

Also please find attached policies.json file.

Chrome: 63.0.3239.42
Chrome OS: 10032.32.0
Device: Kip

Deleted: Screenshot 2017-11-10 at 4.25.21 PM.png 81.9 KB

	Screenshot 2017-11-10 at 4.25.21 PM.png 81.9 KB View Download

Deleted: Screenshot 2017-11-10 at 4.21.39 PM.png 94.8 KB

	Screenshot 2017-11-10 at 4.21.39 PM.png 94.8 KB View Download

Deleted: policies.json 11.2 KB

policies.json 11.2 KB View Download

The "Always allow" mode was removed in Chrome 62 and will behave identically to "Ask"/ "Click to Play."  Our recommendation for Enterprise admins, who want to preserve that behavior, is to add content exceptions (e.g., "http://*" and "https://*") to PluginsAllowedForUrls.

Those additional policy settings should enable the expected behavior.

More info on that policy can be found here:

https://support.google.com/chrome/a/answer/7084871?hl=en

Verified fixed. When exceptions (http://*, https://*) added to PluginsAllowedForUrls, Flash content runs by default including all small/tiny elements. Tested on the following: http://ultrasounds.com, https://www.cnn.com

The RunAllFlashInAllowMode policy is set to true.

Chrome: 63.0.3239.42
Chrome OS: 10032.32.0
Device: Kip

Adding comment in case someone has similar problems as me

Version 62.0.3202.94 (Official Build) (64-bit)  (marked as up to date at this moment)

With DefaultPluginsSetting set to 1 
RunAllFlashInAllowMode and PluginsAllowedForUrls do not work
to have them work DefaultPluginsSetting has to be removed

Where does the setting for RunAllFlashInAllowMode show up in the G-Suite admin console?

Hey Raj,

Is there a toggle for RunAllFlashInAllowMode in the Admin Console?

The silence leads me to believe that nobody thought to put in in the Admin Console.

I added "http://*" and "https://*" to PluginsAllowedForUrls, and I am not allowed to open bare links to SWF files - they download to local filesystem, and can't be opened (download loop.)

Site specific or plugins settings show Flash as allowed for all (set by admin).

Users can use UI can drill into Settings ... Content settings ... Flash, which is set to 'Ask first'. If you drill into this, Flash shows 'Ask first (recommended)' as controlled by admin, and Flash allows on http://* and https://*

Should this be something that DOES allow SWFs to play as bare links (not SWFs as part of an embed.)

A lots of educational content is impacted by this, as many textbook manufacturers have directories of raw SWF files, with no embeds. :/

It looks like wildcards have to be added like this:
[*.]google.com

You also have to make sure you enable the new policy RunAllFlashInAllowMode, its in the latest GPO admin templates or you can set it via registry.