856 lines
38 KiB
Diff
856 lines
38 KiB
Diff
From: uazo <uazo@users.noreply.github.com>
|
|
Date: Tue, 22 Nov 2022 16:49:58 +0000
|
|
Subject: Add browser policy
|
|
|
|
License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
|
|
---
|
|
base/win/win_util.cc | 63 +-------
|
|
chrome/android/java/AndroidManifest.xml | 4 -
|
|
.../privacy_preferences_manager_impl.cc | 5 +
|
|
.../metrics/chrome_feature_list_creator.cc | 12 ++
|
|
.../policy/chrome_browser_policy_connector.cc | 2 -
|
|
...nfiguration_policy_handler_list_factory.cc | 6 +-
|
|
.../account_consistency_mode_manager.cc | 7 +-
|
|
...ccount_consistency_mode_manager_factory.cc | 2 +-
|
|
chrome/browser/signin/chrome_signin_client.cc | 7 +-
|
|
.../ui/webui/policy/policy_ui_handler.cc | 104 ++++++++++++-
|
|
.../ui/webui/policy/policy_ui_handler.h | 2 +
|
|
.../commerce/core/commerce_feature_list.cc | 24 +--
|
|
.../core/browser/browser_policy_connector.cc | 3 +
|
|
.../common/command_line_policy_provider.cc | 3 +
|
|
.../core/common/policy_loader_command_line.cc | 140 ++++++++++++++++--
|
|
.../policy/core/common/policy_pref_names.cc | 3 +
|
|
.../policy/core/common/policy_pref_names.h | 1 +
|
|
.../policy/core/common/policy_service_impl.cc | 3 +
|
|
.../policy/core/common/policy_switches.cc | 2 +
|
|
.../policy/core/common/policy_switches.h | 1 +
|
|
.../Miscellaneous/SyncDisabled.yaml | 2 +-
|
|
.../policy/resources/webui/policy_row.html | 1 +
|
|
.../policy/resources/webui/policy_row.ts | 12 ++
|
|
components/policy_strings.grdp | 4 +-
|
|
.../gaia_cookie_manager_service.cc | 4 +
|
|
google_apis/gaia/gaia_auth_fetcher.cc | 1 +
|
|
26 files changed, 311 insertions(+), 107 deletions(-)
|
|
|
|
diff --git a/base/win/win_util.cc b/base/win/win_util.cc
|
|
--- a/base/win/win_util.cc
|
|
+++ b/base/win/win_util.cc
|
|
@@ -126,76 +126,19 @@ bool EnablePerMonitorV2() {
|
|
}
|
|
|
|
bool* GetDomainEnrollmentStateStorage() {
|
|
- static bool state = IsOS(OS_DOMAINMEMBER);
|
|
+ static bool state = false;
|
|
return &state;
|
|
}
|
|
|
|
bool* GetRegisteredWithManagementStateStorage() {
|
|
- static bool state = []() {
|
|
- // Mitigate the issues caused by loading DLLs on a background thread
|
|
- // (http://crbug/973868).
|
|
- SCOPED_MAY_LOAD_LIBRARY_AT_BACKGROUND_PRIORITY();
|
|
-
|
|
- ScopedNativeLibrary library(
|
|
- FilePath(FILE_PATH_LITERAL("MDMRegistration.dll")));
|
|
- if (!library.is_valid())
|
|
- return false;
|
|
-
|
|
- using IsDeviceRegisteredWithManagementFunction =
|
|
- decltype(&::IsDeviceRegisteredWithManagement);
|
|
- IsDeviceRegisteredWithManagementFunction
|
|
- is_device_registered_with_management_function =
|
|
- reinterpret_cast<IsDeviceRegisteredWithManagementFunction>(
|
|
- library.GetFunctionPointer("IsDeviceRegisteredWithManagement"));
|
|
- if (!is_device_registered_with_management_function)
|
|
- return false;
|
|
-
|
|
- BOOL is_managed = FALSE;
|
|
- HRESULT hr =
|
|
- is_device_registered_with_management_function(&is_managed, 0, nullptr);
|
|
- return SUCCEEDED(hr) && is_managed;
|
|
- }();
|
|
+ static bool state = false;
|
|
|
|
return &state;
|
|
}
|
|
|
|
// TODO (crbug/1300219): return a DSREG_JOIN_TYPE* instead of bool*.
|
|
bool* GetAzureADJoinStateStorage() {
|
|
- static bool state = []() {
|
|
- base::ElapsedTimer timer;
|
|
-
|
|
- // Mitigate the issues caused by loading DLLs on a background thread
|
|
- // (http://crbug/973868).
|
|
- SCOPED_MAY_LOAD_LIBRARY_AT_BACKGROUND_PRIORITY();
|
|
-
|
|
- ScopedNativeLibrary netapi32(
|
|
- base::LoadSystemLibrary(FILE_PATH_LITERAL("netapi32.dll")));
|
|
- if (!netapi32.is_valid())
|
|
- return false;
|
|
-
|
|
- const auto net_get_aad_join_information_function =
|
|
- reinterpret_cast<decltype(&::NetGetAadJoinInformation)>(
|
|
- netapi32.GetFunctionPointer("NetGetAadJoinInformation"));
|
|
- if (!net_get_aad_join_information_function)
|
|
- return false;
|
|
-
|
|
- const auto net_free_aad_join_information_function =
|
|
- reinterpret_cast<decltype(&::NetFreeAadJoinInformation)>(
|
|
- netapi32.GetFunctionPointer("NetFreeAadJoinInformation"));
|
|
- DPCHECK(net_free_aad_join_information_function);
|
|
-
|
|
- DSREG_JOIN_INFO* join_info = nullptr;
|
|
- HRESULT hr = net_get_aad_join_information_function(/*pcszTenantId=*/nullptr,
|
|
- &join_info);
|
|
- const bool is_aad_joined = SUCCEEDED(hr) && join_info;
|
|
- if (join_info) {
|
|
- net_free_aad_join_information_function(join_info);
|
|
- }
|
|
-
|
|
- base::UmaHistogramTimes("EnterpriseCheck.AzureADJoinStatusCheckTime",
|
|
- timer.Elapsed());
|
|
- return is_aad_joined;
|
|
- }();
|
|
+ static bool state = false;
|
|
return &state;
|
|
}
|
|
|
|
diff --git a/chrome/android/java/AndroidManifest.xml b/chrome/android/java/AndroidManifest.xml
|
|
--- a/chrome/android/java/AndroidManifest.xml
|
|
+++ b/chrome/android/java/AndroidManifest.xml
|
|
@@ -73,9 +73,7 @@ by a child template that "extends" this file.
|
|
<uses-permission android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC" tools:ignore="SystemPermissionTypo" />
|
|
<uses-permission android:name="android.permission.RUN_USER_INITIATED_JOBS" />
|
|
|
|
- <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
|
|
<uses-permission android:name="android.permission.INTERNET"/>
|
|
- <uses-permission android:name="android.permission.MANAGE_ACCOUNTS"/>
|
|
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
|
|
<uses-permission android:name="android.permission.NFC"/>
|
|
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
|
|
@@ -86,7 +84,6 @@ by a child template that "extends" this file.
|
|
<uses-permission-sdk-23 android:name="android.permission.READ_MEDIA_VIDEO"/>
|
|
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
|
|
<uses-permission android:name="android.permission.RECORD_AUDIO"/>
|
|
- <uses-permission android:name="android.permission.USE_CREDENTIALS"/>
|
|
<uses-permission-sdk-23 android:name="android.permission.USE_BIOMETRIC"/>
|
|
<uses-permission-sdk-23 android:name="android.permission.USE_FINGERPRINT"/>
|
|
<uses-permission android:name="android.permission.VIBRATE"/>
|
|
@@ -130,7 +127,6 @@ by a child template that "extends" this file.
|
|
<uses-permission android:name="com.chrome.permission.DEVICE_EXTRAS" />
|
|
<uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
|
|
|
|
- <uses-permission android:name="com.google.android.apps.now.CURRENT_ACCOUNT_ACCESS" />
|
|
|
|
{% block extra_uses_permissions %}
|
|
{% endblock %}
|
|
diff --git a/chrome/browser/android/preferences/privacy_preferences_manager_impl.cc b/chrome/browser/android/preferences/privacy_preferences_manager_impl.cc
|
|
--- a/chrome/browser/android/preferences/privacy_preferences_manager_impl.cc
|
|
+++ b/chrome/browser/android/preferences/privacy_preferences_manager_impl.cc
|
|
@@ -56,6 +56,11 @@ static jboolean
|
|
JNI_PrivacyPreferencesManagerImpl_IsMetricsReportingDisabledByPolicy(
|
|
JNIEnv* env) {
|
|
const PrefService* local_state = g_browser_process->local_state();
|
|
+ // this point (policy with 'future') gave me false, false
|
|
+ // LOG(INFO) << "---IsMetricsReportingDisabledByPolicy "
|
|
+ // << local_state->IsManagedPreference(metrics::prefs::kMetricsReportingEnabled)
|
|
+ // << " "
|
|
+ // << local_state->GetBoolean(metrics::prefs::kMetricsReportingEnabled);
|
|
return local_state->IsManagedPreference(
|
|
metrics::prefs::kMetricsReportingEnabled) &&
|
|
!local_state->GetBoolean(metrics::prefs::kMetricsReportingEnabled);
|
|
diff --git a/chrome/browser/metrics/chrome_feature_list_creator.cc b/chrome/browser/metrics/chrome_feature_list_creator.cc
|
|
--- a/chrome/browser/metrics/chrome_feature_list_creator.cc
|
|
+++ b/chrome/browser/metrics/chrome_feature_list_creator.cc
|
|
@@ -57,6 +57,8 @@
|
|
#include "content/public/common/content_switches.h"
|
|
#include "services/network/public/cpp/network_switches.h"
|
|
#include "ui/base/resource/resource_bundle.h"
|
|
+#include "components/policy/core/common/policy_pref_names.h"
|
|
+#include "components/policy/core/common/policy_switches.h"
|
|
|
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
|
#include "chrome/browser/ash/policy/core/browser_policy_connector_ash.h"
|
|
@@ -222,6 +224,16 @@ void ChromeFeatureListCreator::CreatePrefService() {
|
|
// ManagementService's cache.
|
|
if (local_state_pref_store->ReadPrefs() ==
|
|
JsonPrefStore::PREF_READ_ERROR_NONE) {
|
|
+ // add list of user disabled policies to command line
|
|
+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
|
|
+ const base::Value* stored_value = nullptr;
|
|
+ if (local_state_pref_store->GetValue(policy::policy_prefs::kDisabledDefaultPoliciesList, &stored_value) &&
|
|
+ stored_value->is_string()) {
|
|
+ std::string disabled_policies = stored_value->GetString();
|
|
+ if (!disabled_policies.empty()) {
|
|
+ command_line->AppendSwitchASCII(policy::switches::kForceDisabledPolicies, disabled_policies);
|
|
+ }
|
|
+ }
|
|
auto* platform_management_service =
|
|
policy::ManagementServiceFactory::GetForPlatform();
|
|
platform_management_service->UsePrefStoreAsCache(local_state_pref_store);
|
|
diff --git a/chrome/browser/policy/chrome_browser_policy_connector.cc b/chrome/browser/policy/chrome_browser_policy_connector.cc
|
|
--- a/chrome/browser/policy/chrome_browser_policy_connector.cc
|
|
+++ b/chrome/browser/policy/chrome_browser_policy_connector.cc
|
|
@@ -159,8 +159,6 @@ bool ChromeBrowserPolicyConnector::HasMachineLevelPolicies() {
|
|
if (ProviderHasPolicies(machine_level_user_cloud_policy_manager()))
|
|
return true;
|
|
#endif // !BUILDFLAG(IS_CHROMEOS_ASH)
|
|
- if (ProviderHasPolicies(command_line_provider_))
|
|
- return true;
|
|
return false;
|
|
}
|
|
|
|
diff --git a/chrome/browser/policy/configuration_policy_handler_list_factory.cc b/chrome/browser/policy/configuration_policy_handler_list_factory.cc
|
|
--- a/chrome/browser/policy/configuration_policy_handler_list_factory.cc
|
|
+++ b/chrome/browser/policy/configuration_policy_handler_list_factory.cc
|
|
@@ -2046,9 +2046,9 @@ bool AreFuturePoliciesEnabledByDefault() {
|
|
if (base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kTestType)) {
|
|
return true;
|
|
}
|
|
- version_info::Channel channel = chrome::GetChannel();
|
|
- return channel != version_info::Channel::STABLE &&
|
|
- channel != version_info::Channel::BETA;
|
|
+ // Future policies are allowed but not active without
|
|
+ // kEnableExperimentalPolicies policy
|
|
+ return true;
|
|
}
|
|
|
|
} // namespace
|
|
diff --git a/chrome/browser/signin/account_consistency_mode_manager.cc b/chrome/browser/signin/account_consistency_mode_manager.cc
|
|
--- a/chrome/browser/signin/account_consistency_mode_manager.cc
|
|
+++ b/chrome/browser/signin/account_consistency_mode_manager.cc
|
|
@@ -160,7 +160,7 @@ void AccountConsistencyModeManager::SetIgnoreMissingOAuthClientForTesting() {
|
|
// static
|
|
bool AccountConsistencyModeManager::ShouldBuildServiceForProfile(
|
|
Profile* profile) {
|
|
- return profile->IsRegularProfile();
|
|
+ return false;
|
|
}
|
|
|
|
AccountConsistencyMethod
|
|
@@ -198,7 +198,8 @@ AccountConsistencyModeManager::ComputeAccountConsistencyMethod(
|
|
#endif
|
|
|
|
#if BUILDFLAG(ENABLE_MIRROR)
|
|
- return AccountConsistencyMethod::kMirror;
|
|
+ // always disabled
|
|
+ return AccountConsistencyMethod::kDisabled;
|
|
#endif
|
|
|
|
#if BUILDFLAG(ENABLE_DICE_SUPPORT)
|
|
@@ -208,7 +209,7 @@ AccountConsistencyModeManager::ComputeAccountConsistencyMethod(
|
|
return AccountConsistencyMethod::kDisabled;
|
|
}
|
|
|
|
- return AccountConsistencyMethod::kDice;
|
|
+ return AccountConsistencyMethod::kDisabled;
|
|
#endif
|
|
|
|
NOTREACHED();
|
|
diff --git a/chrome/browser/signin/account_consistency_mode_manager_factory.cc b/chrome/browser/signin/account_consistency_mode_manager_factory.cc
|
|
--- a/chrome/browser/signin/account_consistency_mode_manager_factory.cc
|
|
+++ b/chrome/browser/signin/account_consistency_mode_manager_factory.cc
|
|
@@ -45,5 +45,5 @@ void AccountConsistencyModeManagerFactory::RegisterProfilePrefs(
|
|
|
|
bool AccountConsistencyModeManagerFactory::ServiceIsCreatedWithBrowserContext()
|
|
const {
|
|
- return true;
|
|
+ return false;
|
|
}
|
|
diff --git a/chrome/browser/signin/chrome_signin_client.cc b/chrome/browser/signin/chrome_signin_client.cc
|
|
--- a/chrome/browser/signin/chrome_signin_client.cc
|
|
+++ b/chrome/browser/signin/chrome_signin_client.cc
|
|
@@ -130,7 +130,9 @@ void ChromeSigninClient::DoFinalInit() {
|
|
bool ChromeSigninClient::ProfileAllowsSigninCookies(Profile* profile) {
|
|
scoped_refptr<content_settings::CookieSettings> cookie_settings =
|
|
CookieSettingsFactory::GetForProfile(profile);
|
|
- return signin::SettingsAllowSigninCookies(cookie_settings.get());
|
|
+ // Make ChromeSigninClient compliant to SigninAllowed policy
|
|
+ bool cookiesAllowed = signin::SettingsAllowSigninCookies(cookie_settings.get());
|
|
+ return cookiesAllowed && profile->GetPrefs()->GetBoolean(prefs::kSigninAllowed);
|
|
}
|
|
|
|
PrefService* ChromeSigninClient::GetPrefs() { return profile_->GetPrefs(); }
|
|
@@ -242,6 +244,9 @@ bool ChromeSigninClient::AreNetworkCallsDelayed() {
|
|
}
|
|
|
|
void ChromeSigninClient::DelayNetworkCall(base::OnceClosure callback) {
|
|
+ // Make ChromeSigninClient compliant to SigninAllowed policy
|
|
+ if (!AreSigninCookiesAllowed()) return;
|
|
+
|
|
wait_for_network_callback_helper_->DelayNetworkCall(std::move(callback));
|
|
}
|
|
|
|
diff --git a/chrome/browser/ui/webui/policy/policy_ui_handler.cc b/chrome/browser/ui/webui/policy/policy_ui_handler.cc
|
|
--- a/chrome/browser/ui/webui/policy/policy_ui_handler.cc
|
|
+++ b/chrome/browser/ui/webui/policy/policy_ui_handler.cc
|
|
@@ -22,6 +22,7 @@
|
|
#include "base/memory/raw_ptr.h"
|
|
#include "base/memory/weak_ptr.h"
|
|
#include "base/notreached.h"
|
|
+#include "base/strings/string_split.h"
|
|
#include "base/strings/utf_string_conversions.h"
|
|
#include "base/task/task_traits.h"
|
|
#include "base/task/thread_pool.h"
|
|
@@ -64,6 +65,7 @@
|
|
#include "components/policy/core/common/policy_details.h"
|
|
#include "components/policy/core/common/policy_logger.h"
|
|
#include "components/policy/core/common/policy_pref_names.h"
|
|
+#include "components/policy/core/common/policy_pref_names.h"
|
|
#include "components/policy/core/common/policy_scheduler.h"
|
|
#include "components/policy/core/common/policy_types.h"
|
|
#include "components/policy/core/common/remote_commands/remote_commands_service.h"
|
|
@@ -177,6 +179,10 @@ void PolicyUIHandler::RegisterMessages() {
|
|
"exportPoliciesJSON",
|
|
base::BindRepeating(&PolicyUIHandler::HandleExportPoliciesJson,
|
|
base::Unretained(this)));
|
|
+ web_ui()->RegisterMessageCallback(
|
|
+ "setEnabledPolicy",
|
|
+ base::BindRepeating(&PolicyUIHandler::HandleSetEnabledPolicy,
|
|
+ base::Unretained(this)));
|
|
web_ui()->RegisterMessageCallback(
|
|
"listenPoliciesUpdates",
|
|
base::BindRepeating(&PolicyUIHandler::HandleListenPoliciesUpdates,
|
|
@@ -424,8 +430,102 @@ void PolicyUIHandler::SendPolicies() {
|
|
"policies-updated",
|
|
base::Value(
|
|
policy_value_and_status_aggregator_->GetAggregatedPolicyNames()),
|
|
- base::Value(
|
|
- policy_value_and_status_aggregator_->GetAggregatedPolicyValues()));
|
|
+ base::Value(GetPolicyValues()));
|
|
+}
|
|
+
|
|
+base::Value::Dict PolicyUIHandler::GetPolicyValues() {
|
|
+ base::Value::Dict policy =
|
|
+ policy_value_and_status_aggregator_->GetAggregatedPolicyValues();
|
|
+ base::Value::Dict* policy_values =
|
|
+ policy.FindDict(policy::kPolicyValuesKey);
|
|
+ DCHECK(policy_values);
|
|
+
|
|
+ PrefService* local_state = g_browser_process->local_state();
|
|
+ DCHECK(local_state);
|
|
+
|
|
+ // get user disabled list from local state
|
|
+ std::string disabled_policies_pref =
|
|
+ local_state->GetString(policy::policy_prefs::kDisabledDefaultPoliciesList);
|
|
+ std::vector<std::string> disabled_policies =
|
|
+ base::SplitString(disabled_policies_pref, ",",
|
|
+ base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
|
|
+
|
|
+ auto* root = policy_values->FindDict(policy::kChromePoliciesId);
|
|
+ if (root) {
|
|
+ auto* list = root->FindDict(policy::kPoliciesKey);
|
|
+ if (list) {
|
|
+ // for each policy check if is disabled by the user
|
|
+ for (const auto name : *list) {
|
|
+ bool disabled = base::Contains(disabled_policies, name.first);
|
|
+ name.second.GetDict().Set("disabled", base::Value(disabled));
|
|
+ }
|
|
+
|
|
+ // add disabled policies so user can enable them
|
|
+ for (const std::string& name : disabled_policies) {
|
|
+ base::Value::Dict value;
|
|
+ value.Set("disabled", base::Value(true));
|
|
+
|
|
+ // set with some value (only for the ui)
|
|
+ // see components/policy/core/browser/policy_conversions_client.cc
|
|
+ value.Set("value", base::Value(false));
|
|
+ value.Set("scope", base::Value("machine"));
|
|
+ value.Set("level", base::Value("mandatory"));
|
|
+ value.Set("source", base::Value("sourceDefault"));
|
|
+ list->Set(name, std::move(value));
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ return policy;
|
|
+}
|
|
+
|
|
+void PolicyUIHandler::HandleSetEnabledPolicy(
|
|
+ const base::Value::List& args) {
|
|
+ CHECK_EQ(2u, args.size());
|
|
+ const std::string policy_name = args[0].GetString();
|
|
+ bool enabled = args[1].GetBool();
|
|
+
|
|
+ // Check if policy exists
|
|
+ base::Value::Dict policy =
|
|
+ policy_value_and_status_aggregator_->GetAggregatedPolicyValues();
|
|
+ base::Value::Dict* policy_values =
|
|
+ policy.FindDict(policy::kPolicyValuesKey);
|
|
+ DCHECK(policy_values);
|
|
+
|
|
+ bool exists = false;
|
|
+ auto* root = policy_values->FindDict(policy::kChromePoliciesId);
|
|
+ if (root && g_browser_process) {
|
|
+ auto* list = root->FindDict(policy::kPoliciesKey);
|
|
+ if (list) {
|
|
+ for (const auto name : *list) {
|
|
+ if (name.first == policy_name) {
|
|
+ exists = true;
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ PrefService* local_state = g_browser_process->local_state();
|
|
+ DCHECK(local_state);
|
|
+
|
|
+ // get user disabled list from local state
|
|
+ std::string disabled_policies_pref =
|
|
+ local_state->GetString(policy::policy_prefs::kDisabledDefaultPoliciesList);
|
|
+ std::vector<std::string> disabled_policies =
|
|
+ base::SplitString(disabled_policies_pref, ",",
|
|
+ base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
|
|
+
|
|
+ // remove policy
|
|
+ base::EraseIf(disabled_policies,
|
|
+ [policy_name](const std::string& name) { return name == policy_name; });
|
|
+
|
|
+ // readd if exists and enabled
|
|
+ if (exists && !enabled)
|
|
+ disabled_policies.push_back(policy_name);
|
|
+
|
|
+ // save current user disabled policy in local state
|
|
+ local_state->SetString(policy::policy_prefs::kDisabledDefaultPoliciesList,
|
|
+ base::JoinString(disabled_policies, ","));
|
|
}
|
|
|
|
void PolicyUIHandler::SendStatus() {
|
|
diff --git a/chrome/browser/ui/webui/policy/policy_ui_handler.h b/chrome/browser/ui/webui/policy/policy_ui_handler.h
|
|
--- a/chrome/browser/ui/webui/policy/policy_ui_handler.h
|
|
+++ b/chrome/browser/ui/webui/policy/policy_ui_handler.h
|
|
@@ -58,6 +58,8 @@ class PolicyUIHandler : public content::WebUIMessageHandler,
|
|
|
|
private:
|
|
void HandleExportPoliciesJson(const base::Value::List& args);
|
|
+ void HandleSetEnabledPolicy(const base::Value::List& args);
|
|
+ base::Value::Dict GetPolicyValues();
|
|
void HandleListenPoliciesUpdates(const base::Value::List& args);
|
|
void HandleReloadPolicies(const base::Value::List& args);
|
|
void HandleCopyPoliciesJson(const base::Value::List& args);
|
|
diff --git a/components/commerce/core/commerce_feature_list.cc b/components/commerce/core/commerce_feature_list.cc
|
|
--- a/components/commerce/core/commerce_feature_list.cc
|
|
+++ b/components/commerce/core/commerce_feature_list.cc
|
|
@@ -159,8 +159,8 @@ BASE_FEATURE(kCommercePriceTrackingChipExperiment,
|
|
|
|
#if BUILDFLAG(IS_ANDROID)
|
|
BASE_FEATURE(kCommercePriceTrackingRegionLaunched,
|
|
- "CommercePriceTrackingRegionLaunched",
|
|
- base::FEATURE_ENABLED_BY_DEFAULT);
|
|
+ "CommercePriceTrackingRegionLaunched", // disabled
|
|
+ base::FEATURE_DISABLED_BY_DEFAULT); // by default
|
|
#else
|
|
BASE_FEATURE(kCommercePriceTrackingRegionLaunched,
|
|
"CommercePriceTrackingRegionLaunched",
|
|
@@ -227,8 +227,8 @@ BASE_FEATURE(kShoppingList, "ShoppingList", base::FEATURE_DISABLED_BY_DEFAULT);
|
|
#if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
|
|
BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
BASE_FEATURE(kShoppingListRegionLaunched,
|
|
- "ShoppingListRegionLaunched",
|
|
- base::FEATURE_ENABLED_BY_DEFAULT);
|
|
+ "ShoppingListRegionLaunched", // disabled
|
|
+ base::FEATURE_DISABLED_BY_DEFAULT); // by default
|
|
#else
|
|
BASE_FEATURE(kShoppingListRegionLaunched,
|
|
"ShoppingListRegionLaunched",
|
|
@@ -273,12 +273,12 @@ BASE_FEATURE(kDiscountConsentV2,
|
|
base::FEATURE_ENABLED_BY_DEFAULT);
|
|
|
|
BASE_FEATURE(kCommerceHintAndroid,
|
|
- "CommerceHintAndroid",
|
|
- base::FEATURE_DISABLED_BY_DEFAULT);
|
|
+ "CommerceHintAndroid", // disabled
|
|
+ base::FEATURE_DISABLED_BY_DEFAULT); // by default
|
|
|
|
BASE_FEATURE(kMerchantWidePromotion,
|
|
- "MerchantWidePromotion",
|
|
- base::FEATURE_ENABLED_BY_DEFAULT);
|
|
+ "MerchantWidePromotion", // disabled
|
|
+ base::FEATURE_DISABLED_BY_DEFAULT); // by default
|
|
|
|
BASE_FEATURE(kCodeBasedRBD, "CodeBasedRBD", base::FEATURE_ENABLED_BY_DEFAULT);
|
|
|
|
@@ -287,11 +287,11 @@ BASE_FEATURE(kChromeCartDomBasedHeuristics,
|
|
base::FEATURE_DISABLED_BY_DEFAULT);
|
|
|
|
BASE_FEATURE(kParcelTracking,
|
|
- "ParcelTracking",
|
|
- base::FEATURE_ENABLED_BY_DEFAULT);
|
|
+ "ParcelTracking", // disabled
|
|
+ base::FEATURE_DISABLED_BY_DEFAULT); // by default
|
|
BASE_FEATURE(kParcelTrackingRegionLaunched,
|
|
- "ParcelTrackingRegionLaunched",
|
|
- base::FEATURE_DISABLED_BY_DEFAULT);
|
|
+ "ParcelTrackingRegionLaunched", // disabled
|
|
+ base::FEATURE_DISABLED_BY_DEFAULT); // by default
|
|
|
|
// Params for Discount Consent V2 in the NTP Cart module.
|
|
const char kNtpChromeCartModuleDiscountConsentNtpVariationParam[] =
|
|
diff --git a/components/policy/core/browser/browser_policy_connector.cc b/components/policy/core/browser/browser_policy_connector.cc
|
|
--- a/components/policy/core/browser/browser_policy_connector.cc
|
|
+++ b/components/policy/core/browser/browser_policy_connector.cc
|
|
@@ -140,6 +140,9 @@ void BrowserPolicyConnector::RegisterPrefs(PrefRegistrySimple* registry) {
|
|
CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
|
|
registry->RegisterBooleanPref(
|
|
policy_prefs::kCloudManagementEnrollmentMandatory, false);
|
|
+ // register the pref for user disabled policies
|
|
+ registry->RegisterStringPref(
|
|
+ policy_prefs::kDisabledDefaultPoliciesList, std::string());
|
|
}
|
|
|
|
} // namespace policy
|
|
diff --git a/components/policy/core/common/command_line_policy_provider.cc b/components/policy/core/common/command_line_policy_provider.cc
|
|
--- a/components/policy/core/common/command_line_policy_provider.cc
|
|
+++ b/components/policy/core/common/command_line_policy_provider.cc
|
|
@@ -23,6 +23,9 @@ std::unique_ptr<CommandLinePolicyProvider>
|
|
CommandLinePolicyProvider::CreateIfAllowed(
|
|
const base::CommandLine& command_line,
|
|
version_info::Channel channel) {
|
|
+ if ((true))
|
|
+ return base::WrapUnique(new CommandLinePolicyProvider(command_line));
|
|
+
|
|
#if BUILDFLAG(IS_ANDROID)
|
|
if (channel == version_info::Channel::STABLE ||
|
|
channel == version_info::Channel::BETA) {
|
|
diff --git a/components/policy/core/common/policy_loader_command_line.cc b/components/policy/core/common/policy_loader_command_line.cc
|
|
--- a/components/policy/core/common/policy_loader_command_line.cc
|
|
+++ b/components/policy/core/common/policy_loader_command_line.cc
|
|
@@ -11,6 +11,31 @@
|
|
#include "components/policy/core/common/policy_bundle.h"
|
|
#include "components/policy/core/common/policy_switches.h"
|
|
#include "components/policy/core/common/policy_types.h"
|
|
+#include "base/strings/string_split.h"
|
|
+#include "components/policy/core/common/policy_map.h"
|
|
+#include "components/policy/core/common/policy_namespace.h"
|
|
+#include "components/policy/policy_constants.h"
|
|
+
|
|
+#include "chrome/browser/preloading/preloading_prefs.h"
|
|
+#include "chrome/browser/policy/browser_signin_policy_handler.h"
|
|
+
|
|
+namespace {
|
|
+ // adds the policy if the user has allowed it
|
|
+ void AddPolicy(
|
|
+ const std::vector<std::string>& disabled_policies,
|
|
+ policy::PolicyMap& policy_map,
|
|
+ const std::string& policy_name,
|
|
+ base::Value value) {
|
|
+
|
|
+ if (std::find(disabled_policies.begin(), disabled_policies.end(), policy_name)
|
|
+ == disabled_policies.end()) {
|
|
+ policy_map.Set(policy_name,
|
|
+ policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_MACHINE,
|
|
+ policy::POLICY_SOURCE_COMMAND_LINE,
|
|
+ std::move(value), nullptr);
|
|
+ }
|
|
+ }
|
|
+}
|
|
|
|
namespace policy {
|
|
|
|
@@ -21,25 +46,108 @@ PolicyLoaderCommandLine::~PolicyLoaderCommandLine() = default;
|
|
|
|
PolicyBundle PolicyLoaderCommandLine::Load() {
|
|
PolicyBundle bundle;
|
|
- if (!command_line_->HasSwitch(switches::kChromePolicy))
|
|
- return bundle;
|
|
|
|
- auto policies = base::JSONReader::ReadAndReturnValueWithError(
|
|
- command_line_->GetSwitchValueASCII(switches::kChromePolicy),
|
|
- base::JSONParserOptions::JSON_ALLOW_TRAILING_COMMAS);
|
|
+ PolicyMap& policy_map =
|
|
+ bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()));
|
|
|
|
- if (!policies.has_value()) {
|
|
- VLOG(1) << "Command line policy error: " << policies.error().message;
|
|
- return bundle;
|
|
- }
|
|
- if (!policies->is_dict()) {
|
|
- VLOG(1) << "Command line policy is not a dictionary";
|
|
- return bundle;
|
|
- }
|
|
+ // get disabled policies
|
|
+ std::string disabled_policies =
|
|
+ command_line_->GetSwitchValueASCII(switches::kForceDisabledPolicies);
|
|
+ std::vector<std::string> disabled_policies_list =
|
|
+ base::SplitString(disabled_policies, ",",
|
|
+ base::KEEP_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
|
|
+
|
|
+ // whitelist a future policy.
|
|
+ base::Value::List enabled_future_policies;
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kSafeBrowsingEnabled, base::Value(false));
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kSafeBrowsingExtendedReportingEnabled, base::Value(false));
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kScrollToTextFragmentEnabled, base::Value(false));
|
|
+
|
|
+#if BUILDFLAG(IS_ANDROID)
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kContextualSearchEnabled, base::Value(false));
|
|
+#endif
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kEnableMediaRouter, base::Value(false));
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kUrlKeyedAnonymizedDataCollectionEnabled, base::Value(false));
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kTranslateEnabled, base::Value(false));
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kNetworkPredictionOptions,
|
|
+ base::Value(static_cast<int>(
|
|
+ prefetch::NetworkPredictionOptions::kDisabled)));
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kBrowserSignin,
|
|
+ base::Value(static_cast<int>(
|
|
+ policy::BrowserSigninMode::kDisabled)));
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kSigninAllowed, base::Value(false));
|
|
+
|
|
+ // SyncDisabled need a change in policy_templates.json
|
|
+ // because is unofficially supported
|
|
+ // 1) remove future_on
|
|
+ // 2) add android supported_on
|
|
+ // and need some changes in code
|
|
+ // see https://bugs.chromium.org/p/chromium/issues/detail?id=1141797
|
|
+ enabled_future_policies.Append(policy::key::kSyncDisabled);
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kSyncDisabled, base::Value(true));
|
|
+
|
|
+ // MetricsReportingEnabled need a change in policy_templates.json
|
|
+ // because is unofficially supported
|
|
+ // 1) remove future_on
|
|
+ // 2) add android supported_on
|
|
+ // and need some changes in code
|
|
+ // set metrics::prefs::kMetricsReportingEnabled to false
|
|
+ // same of "Disable various metrics" patch
|
|
+ // and deactivate the ui under IsManagedPreference()
|
|
+ enabled_future_policies.Append(policy::key::kMetricsReportingEnabled);
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kMetricsReportingEnabled, base::Value(false));
|
|
+
|
|
+ // Disable shopping list
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kShoppingListEnabled, base::Value(false));
|
|
+
|
|
+#if !BUILDFLAG(IS_ANDROID)
|
|
+ // Disable Google Search Side Panel
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kGoogleSearchSidePanelEnabled, base::Value(false));
|
|
+#endif
|
|
+
|
|
+ // Disable automatic https upgrade
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kHttpsUpgradesEnabled, base::Value(false));
|
|
+
|
|
+ // Check RSA key usage for server certicates issued by local trust anchors
|
|
+ // Enforce TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 expects the digitalSignature key usage bit.
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kRSAKeyUsageForLocalAnchorsEnabled, base::Value(true));
|
|
+
|
|
+ // Disable Insecure Handshake Hashes
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kInsecureHashesInTLSHandshakesEnabled, base::Value(false));
|
|
+
|
|
+#if !BUILDFLAG(IS_ANDROID)
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kSideSearchEnabled, base::Value(false));
|
|
+#endif
|
|
+
|
|
+ AddPolicy(disabled_policies_list, policy_map, policy::key::kBlockTruncatedCookies, base::Value(true));
|
|
+ // kFirstPartySetsEnabled
|
|
+ // kLensCameraAssistedSearchEnabled
|
|
+ // kPasswordLeakDetectionEnabled
|
|
+ // kPasswordManagerEnabled
|
|
+ // kPromptForDownloadLocation
|
|
+
|
|
+ // kAssistantWebEnabled
|
|
+ // BrowsingDataLifetime ??
|
|
+ // ClickToCallEnabled
|
|
+ // UrlParamFilterEnabled
|
|
+ // kSSLErrorOverrideAllowed
|
|
+ // kAdvancedProtectionAllowed
|
|
+ // kUserFeedbackAllowed
|
|
+ // DesktopSharingHubEnabled
|
|
+ // kSigninInterceptionEnabled
|
|
+
|
|
+ policy_map.Set(policy::key::kEnableExperimentalPolicies,
|
|
+ policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_MACHINE,
|
|
+ policy::POLICY_SOURCE_COMMAND_LINE,
|
|
+ base::Value(enabled_future_policies.Clone()), nullptr);
|
|
|
|
- bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
|
|
- .LoadFrom(policies->GetDict(), POLICY_LEVEL_MANDATORY,
|
|
- POLICY_SCOPE_MACHINE, POLICY_SOURCE_COMMAND_LINE);
|
|
return bundle;
|
|
}
|
|
|
|
diff --git a/components/policy/core/common/policy_pref_names.cc b/components/policy/core/common/policy_pref_names.cc
|
|
--- a/components/policy/core/common/policy_pref_names.cc
|
|
+++ b/components/policy/core/common/policy_pref_names.cc
|
|
@@ -93,6 +93,9 @@ const char kReadAloudEnabled[] = "policy.read_aloud_enabled";
|
|
const char kUserAgentClientHintsGREASEUpdateEnabled[] =
|
|
"policy.user_agent_client_hints_grease_update_enabled";
|
|
|
|
+const char kDisabledDefaultPoliciesList[] =
|
|
+ "policy.disabled_default_policies_list";
|
|
+
|
|
// Boolean policy to allow isolated apps developer mode.
|
|
const char kIsolatedAppsDeveloperModeAllowed[] =
|
|
"policy.isolated_apps_developer_mode_allowed";
|
|
diff --git a/components/policy/core/common/policy_pref_names.h b/components/policy/core/common/policy_pref_names.h
|
|
--- a/components/policy/core/common/policy_pref_names.h
|
|
+++ b/components/policy/core/common/policy_pref_names.h
|
|
@@ -50,6 +50,7 @@ extern const char kUrlAllowlist[];
|
|
extern const char kUserPolicyRefreshRate[];
|
|
extern const char kIntensiveWakeUpThrottlingEnabled[];
|
|
extern const char kUserAgentClientHintsGREASEUpdateEnabled[];
|
|
+extern const char kDisabledDefaultPoliciesList[];
|
|
#if BUILDFLAG(IS_ANDROID)
|
|
extern const char kBackForwardCacheEnabled[];
|
|
extern const char kReadAloudEnabled[];
|
|
diff --git a/components/policy/core/common/policy_service_impl.cc b/components/policy/core/common/policy_service_impl.cc
|
|
--- a/components/policy/core/common/policy_service_impl.cc
|
|
+++ b/components/policy/core/common/policy_service_impl.cc
|
|
@@ -47,6 +47,9 @@ namespace {
|
|
// Metrics should not be enforced so if this policy is set as mandatory
|
|
// downgrade it to a recommended level policy.
|
|
void DowngradeMetricsReportingToRecommendedPolicy(PolicyMap* policies) {
|
|
+ // skip the change to 'Recommended' if the MetricsReportingEnabled
|
|
+ // policy is 'Mandatory'.
|
|
+ if ((true)) return;
|
|
// Capture both the Chrome-only and device-level policies on Chrome OS.
|
|
const std::vector<const char*> metrics_keys = {
|
|
#if BUILDFLAG(IS_CHROMEOS)
|
|
diff --git a/components/policy/core/common/policy_switches.cc b/components/policy/core/common/policy_switches.cc
|
|
--- a/components/policy/core/common/policy_switches.cc
|
|
+++ b/components/policy/core/common/policy_switches.cc
|
|
@@ -24,6 +24,8 @@ const char kChromePolicy[] = "policy";
|
|
// (go/crosman-file-storage-server) to upload log and support packet files.
|
|
const char kFileStorageServerUploadUrl[] = "file-storage-server-upload-url";
|
|
|
|
+const char kForceDisabledPolicies[] = "force-disable-policies";
|
|
+
|
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
|
// Disables the verification of policy signing keys. It just works on Chrome OS
|
|
// test images and crashes otherwise.
|
|
diff --git a/components/policy/core/common/policy_switches.h b/components/policy/core/common/policy_switches.h
|
|
--- a/components/policy/core/common/policy_switches.h
|
|
+++ b/components/policy/core/common/policy_switches.h
|
|
@@ -19,6 +19,7 @@ extern const char kEncryptedReportingUrl[];
|
|
extern const char kChromePolicy[];
|
|
extern const char kSecureConnectApiUrl[];
|
|
extern const char kFileStorageServerUploadUrl[];
|
|
+extern const char kForceDisabledPolicies[];
|
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
|
extern const char kDisablePolicyKeyVerification[];
|
|
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
|
|
diff --git a/components/policy/resources/templates/policy_definitions/Miscellaneous/SyncDisabled.yaml b/components/policy/resources/templates/policy_definitions/Miscellaneous/SyncDisabled.yaml
|
|
--- a/components/policy/resources/templates/policy_definitions/Miscellaneous/SyncDisabled.yaml
|
|
+++ b/components/policy/resources/templates/policy_definitions/Miscellaneous/SyncDisabled.yaml
|
|
@@ -13,7 +13,6 @@ features:
|
|
dynamic_refresh: true
|
|
per_profile: true
|
|
future_on:
|
|
-- android
|
|
- fuchsia
|
|
items:
|
|
- caption: Disable <ph name="CHROME_SYNC_NAME">Chrome Sync</ph>
|
|
@@ -30,6 +29,7 @@ supported_on:
|
|
- chrome.*:8-
|
|
- chrome_os:11-
|
|
- ios:96-
|
|
+- android:8-
|
|
tags:
|
|
- filtering
|
|
- google-sharing
|
|
diff --git a/components/policy/resources/webui/policy_row.html b/components/policy/resources/webui/policy_row.html
|
|
--- a/components/policy/resources/webui/policy_row.html
|
|
+++ b/components/policy/resources/webui/policy_row.html
|
|
@@ -163,6 +163,7 @@ a {
|
|
<div class="policy row" role="row">
|
|
<div class="name" role="rowheader" aria-labelledby="name">
|
|
<a class="link" target="_blank">
|
|
+ <input type="checkbox" class="enabled_box">
|
|
<span id="name"></span>
|
|
<img src="chrome://resources/images/open_in_new.svg">
|
|
</a>
|
|
diff --git a/components/policy/resources/webui/policy_row.ts b/components/policy/resources/webui/policy_row.ts
|
|
--- a/components/policy/resources/webui/policy_row.ts
|
|
+++ b/components/policy/resources/webui/policy_row.ts
|
|
@@ -15,6 +15,7 @@ import {getTemplate} from './policy_row.html.js';
|
|
export interface Policy {
|
|
ignored?: boolean;
|
|
name: string;
|
|
+ disabled: boolean;
|
|
level: string;
|
|
link?: string;
|
|
scope: string;
|
|
@@ -56,6 +57,9 @@ export class PolicyRowElement extends CustomElement {
|
|
const copy = this.shadowRoot!.querySelector('.copy-value');
|
|
copy!.addEventListener('click', () => this.copyValue_());
|
|
|
|
+ const enabledBox = this.shadowRoot!.querySelector('.enabled_box');
|
|
+ enabledBox!.addEventListener('change', () => this.enabledChanged_());
|
|
+
|
|
this.setAttribute('role', 'rowgroup');
|
|
this.classList.add('policy-data');
|
|
}
|
|
@@ -94,6 +98,9 @@ export class PolicyRowElement extends CustomElement {
|
|
this.toggleAttribute('no-help-link', true);
|
|
}
|
|
|
|
+ const enabledBox = <HTMLInputElement>this.shadowRoot!.querySelector('.enabled_box');
|
|
+ enabledBox!.checked = !policy.disabled;
|
|
+
|
|
// Populate the remaining columns with policy scope, level and value if a
|
|
// value has been set. Otherwise, leave them blank.
|
|
if (!this.unset_) {
|
|
@@ -226,6 +233,11 @@ export class PolicyRowElement extends CustomElement {
|
|
}
|
|
}
|
|
|
|
+ enabledChanged_() {
|
|
+ const enabledBox = <HTMLInputElement>this.shadowRoot!.querySelector('.enabled_box');
|
|
+ chrome.send('setEnabledPolicy', [this.policy.name, enabledBox.checked]);
|
|
+ }
|
|
+
|
|
// Copies the policy's value to the clipboard.
|
|
private copyValue_() {
|
|
const policyValueDisplay =
|
|
diff --git a/components/policy_strings.grdp b/components/policy_strings.grdp
|
|
--- a/components/policy_strings.grdp
|
|
+++ b/components/policy_strings.grdp
|
|
@@ -588,8 +588,8 @@ Additional details:
|
|
<message name="IDS_POLICY_SOURCE_DEFAULT" desc="Indicates that a policy is set by default and can be overridden.">
|
|
Default
|
|
</message>
|
|
- <message name="IDS_POLICY_SOURCE_COMMAND_LINE" desc="Indicates that a policy is set by command line switch for testing purpose.">
|
|
- Command line
|
|
+ <message name="IDS_POLICY_SOURCE_COMMAND_LINE" desc="Indicates that a policy is set by bromite.">
|
|
+ Bromite default
|
|
</message>
|
|
<message name="IDS_POLICY_SOURCE_CLOUD" desc="Indicates that the policy originates from the cloud.">
|
|
Cloud
|
|
diff --git a/components/signin/internal/identity_manager/gaia_cookie_manager_service.cc b/components/signin/internal/identity_manager/gaia_cookie_manager_service.cc
|
|
--- a/components/signin/internal/identity_manager/gaia_cookie_manager_service.cc
|
|
+++ b/components/signin/internal/identity_manager/gaia_cookie_manager_service.cc
|
|
@@ -469,6 +469,8 @@ void GaiaCookieManagerService::RegisterPrefs(PrefRegistrySimple* registry) {
|
|
}
|
|
|
|
void GaiaCookieManagerService::InitCookieListener() {
|
|
+ // Make GaiaCookieManagerService compliant to SigninAllowed policy
|
|
+ if (!signin_client_->AreSigninCookiesAllowed()) return;
|
|
DCHECK(!cookie_listener_receiver_.is_bound());
|
|
|
|
network::mojom::CookieManager* cookie_manager =
|
|
@@ -891,6 +893,8 @@ void GaiaCookieManagerService::OnSetAccountsFinished(
|
|
}
|
|
|
|
void GaiaCookieManagerService::HandleNextRequest() {
|
|
+ // Make GaiaCookieManagerService compliant to SigninAllowed policy
|
|
+ if (!signin_client_->AreSigninCookiesAllowed()) requests_.clear();
|
|
VLOG(1) << "GaiaCookieManagerService::HandleNextRequest";
|
|
if (requests_.front().request_type() ==
|
|
GaiaCookieRequestType::LIST_ACCOUNTS) {
|
|
diff --git a/google_apis/gaia/gaia_auth_fetcher.cc b/google_apis/gaia/gaia_auth_fetcher.cc
|
|
--- a/google_apis/gaia/gaia_auth_fetcher.cc
|
|
+++ b/google_apis/gaia/gaia_auth_fetcher.cc
|
|
@@ -482,6 +482,7 @@ void GaiaAuthFetcher::StartListAccounts() {
|
|
}
|
|
}
|
|
})");
|
|
+ LOG(INFO) << "---CreateAndStartGaiaFetcher";
|
|
CreateAndStartGaiaFetcher(
|
|
" ", // To force an HTTP POST.
|
|
kFormEncodedContentType, "Origin: https://www.google.com",
|
|
--
|
|
2.25.1
|