Modify UnsafelyTreatInsecureOriginAsSecure policy for HTTP-Bad |
|||||||
Issue descriptionFor the HTTP-Bad rollout in M68, we need a few changes to the UnsafelyTreatInsecureOriginAsSecure enterprise policy: * Support wildcard hostnames (up to eTLD+1) * Rename the policy to be more clear * Confirm that the omnibox UI is correct (no Not Secure badge) for sites in the policy
,
May 22 2018
,
May 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fcadaceb4717bbb5d424559be58b9832ad8a8f5d commit fcadaceb4717bbb5d424559be58b9832ad8a8f5d Author: Emily Stark <estark@google.com> Date: Thu May 24 00:00:53 2018 Add hostname pattern support to secure context whitelist As an enterprise requirement for the HTTP-Bad rollout, we need to support wildcard hostname patterns like *.foo-corp.com for the --unsafely-treat-insecure-origin-as-secure flag and policy. This CL supports this requirement by expanding the whitelist configured by that flag to allow hostname patterns. Unfortunately, this means that the whitelist is now made up of std::strings instead of url::Origins; origins are still canonicalized and serialized before being placed into the whitelist. Consumers of the whitelist now check for exact origin matches as well as pattern matches. Bug: 844885 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo Change-Id: I6ccea22f499045bf7ec50bfb903320baa8e37095 Reviewed-on: https://chromium-review.googlesource.com/1068262 Commit-Queue: Emily Stark <estark@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/master@{#561319} [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/chrome/common/secure_origin_whitelist.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/chrome/common/secure_origin_whitelist.h [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/chrome/common/secure_origin_whitelist_unittest.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/chrome/renderer/chrome_content_renderer_client.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/content/common/origin_util.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/content/common/url_schemes.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/content/common/url_schemes.h [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/content/public/common/content_client.h [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/services/network/cors/cors_url_loader.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/services/network/public/cpp/cors/cors_legacy.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/services/network/public/cpp/cors/cors_legacy.h [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/public/web/web_security_policy.h [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/renderer/core/exported/web_security_policy.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/renderer/platform/DEPS [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/renderer/platform/weborigin/security_origin_test.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/renderer/platform/weborigin/security_policy.cc [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/renderer/platform/weborigin/security_policy.h [modify] https://crrev.com/fcadaceb4717bbb5d424559be58b9832ad8a8f5d/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
,
May 28 2018
The release blocking part of this is done. Still want to rename the policy at some point and add a test for the UI.
,
Jul 3
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e6b942fe171b276c5d0dcd3e011120e23c8279e3 commit e6b942fe171b276c5d0dcd3e011120e23c8279e3 Author: Emily Stark <estark@google.com> Date: Tue Jul 03 03:49:27 2018 Rename UnsafelyTreatInsecureOriginAsSecure policy This CL deprecates UnsafelyTreatInsecureOriginAsSecure in favor of an equivalent policy named OverrideSecurityRestrictionsOnInsecureOrigin, which we think will be more clear to admins. Bug: 844885 Change-Id: I80fb2488b5495aff4f1b3308d96248fbe2221af9 Reviewed-on: https://chromium-review.googlesource.com/1107849 Commit-Queue: Emily Stark <estark@chromium.org> Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#572100} [modify] https://crrev.com/e6b942fe171b276c5d0dcd3e011120e23c8279e3/chrome/browser/policy/configuration_policy_handler_list_factory.cc [modify] https://crrev.com/e6b942fe171b276c5d0dcd3e011120e23c8279e3/chrome/browser/secure_origin_whitelist_browsertest.cc [modify] https://crrev.com/e6b942fe171b276c5d0dcd3e011120e23c8279e3/chrome/test/data/policy/policy_test_cases.json [modify] https://crrev.com/e6b942fe171b276c5d0dcd3e011120e23c8279e3/components/policy/resources/policy_templates.json [modify] https://crrev.com/e6b942fe171b276c5d0dcd3e011120e23c8279e3/tools/metrics/histograms/enums.xml
,
Jul 12
All that remains here is adding a browser test that the security level is NONE rather than HTTP_SHOW_WARNING when the pref is set. That would be a good first bug if anyone wants to grab it.
,
Aug 1
https://chromium-review.googlesource.com/c/chromium/src/+/1157029 adds a test to secure_origin_whitelist_browsertest.cc to check the security level under the various conditions (as part of fixing Issue 869422 ).
,
Aug 3
Can this feature request be closed? The M-68 boat has sailed
,
Aug 3
The main part of this feature landed in M-68, with additional parts (the rename of the policy) landing in M-69. A followup fix tracked in Issue 869422 landed just this week (and was merged back into M-68 today). With the tests landed as part of that followup fix (see Comment #6, which is why this bug was left open), I think we can close this and track any further work in a different bug.
,
Aug 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1ac9b35193685a1d011d5df35020953913396802 commit 1ac9b35193685a1d011d5df35020953913396802 Author: Christopher Thompson <cthomp@chromium.org> Date: Fri Aug 10 18:33:23 2018 Update policy templates and examples for HTTP-Bad This tweaks the policy templates and examples to be clearer about affects on the "Not Secure" UI and how wildcard hostname patterns work. Bug: 844885 Change-Id: I49eba85762272a0bfedb4163cecad1b8e6df513a Reviewed-on: https://chromium-review.googlesource.com/1166247 Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Commit-Queue: Christopher Thompson <cthomp@chromium.org> Cr-Commit-Position: refs/heads/master@{#582260} [modify] https://crrev.com/1ac9b35193685a1d011d5df35020953913396802/chrome/test/data/policy/policy_test_cases.json [modify] https://crrev.com/1ac9b35193685a1d011d5df35020953913396802/components/policy/resources/policy_templates.json
,
Aug 17
verified feature is working properly on Chromebook flashed with M70 |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by est...@chromium.org
, May 19 2018