New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 869298 link

Starred by 3 users
Status: WontFix
Owner: ----
Closed: Jul 31
Cc:
pastarmovj@chromium.org
marcore@chromium.org
lockp@chromium.org
jayhlee@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature



Sign in to add a comment

Chrome FR: Disable the [ Not secure ] warning message for selected domain[s] with GPO

Project Member Reported by marcore@chromium.org, Jul 31 
Summary:
The customer wants to disable the [ Not secure ] warning message in Chrome browser domain wide by using an Active Directory GPO policy.

Use case / Motivation:
The customer needs to control the [ Not secure ] warning message in Chrome browsers’ domain wide.

Existing workarounds:
There are no existing workarounds that can be successfully implemented domain wide. 
The Support Article found at: https://support.google.com/chrome/a/answer/7679408?hl=en#67 referencing the Support Documentation: https://dev.chromium.org/administrators/policy-list-3#UnsafelyTreatInsecureOriginAsSecure

in the ADMX files downloaded from https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip (cat VERSION MAJOR=68 MINOR=0 BUILD=3440 PATCH=75) there is not the policy setting for [ UnsafelyTreatInsecureOriginAsSecure ] 

Device level experimental feature workaround found at: chrome://flags/#enable-mark-http-as was successful for Windows devices after testing. Currently it is not possible to apply this policy domain wide.

Case#: 16478553

Comment 1 by marcore@chromium.org, Jul 31 

Issue 869242 has been merged into this issue.

Comment 2 by pastarmovj@chromium.org, Jul 31 

You should be able to find this policy in the GPO editor as "Origins to be treated as secure context."

Comment 3 by marcore@chromium.org, Jul 31

Status: WontFix (was: Untriaged)
yes, found it.
Computer configuration>Policies>Administrative Templates>Google>Google Chrome
Origins to be treated as secure context.

User configuration>Policies>Administrative Templates>Google>Google Chrome
Origins to be treated as secure context.

result policies.json
{
   "chromePolicies": {
      "BackgroundModeEnabled": {
         "level": "mandatory",
         "scope": "machine",
         "source": "sourcePlatform",
         "value": false
      },
      "RestoreOnStartup": {
         "level": "mandatory",
         "scope": "machine",
         "source": "sourcePlatform",
         "value": 4
      },
      "RestoreOnStartupURLs": {
         "level": "mandatory",
         "scope": "machine",
         "source": "sourcePlatform",
         "value": [ "chrome://version", "chrome://policy", "https://www.google.com/?GPO2016" ]
      },
      "UnsafelyTreatInsecureOriginAsSecure": {
         "level": "mandatory",
         "scope": "machine",
         "source": "sourcePlatform",
         "value": [ "http://www.XXX.XX", "http://www.TEST2.XX", "http://www.test.one.com" ]
      }
   },
   "extensionPolicies": {
      "ghbmnnjooekpmoecnnnilnnbdlolhkhi": {

      }
   }
}

Sign in to add a comment