Closed
Bug 1429176
Opened 7 years ago
Closed 7 years ago
Policies: Prevent access to about:support and about:profiles
Categories
(Firefox :: Enterprise Policies, enhancement, P1)
Firefox
Enterprise Policies
Tracking
()
VERIFIED
FIXED
Firefox 60
Tracking | Status | |
---|---|---|
firefox60 | --- | verified |
People
(Reporter: Felipe, Assigned: bytesized)
References
Details
Attachments
(2 files)
Policies to prevent access to about:support and about:profiles.
Similarly to bug 1429123, we should figure out whether it's necessary to remove the UI entry points for these.
Also, I personally question the validity of blocking about:support. But I know this is needed for CCK2 parity
Assignee | ||
Comment 1•7 years ago
|
||
It looks like the UI entry points for these are:
about:support
Help Menu->Troubleshooting Information
https://searchfox.org/mozilla-central/rev/88439dc6c5b02e167032374071cdc697a056efa1/browser/base/content/baseMenuOverlay.xul#67
about:memory
https://searchfox.org/mozilla-central/rev/88439dc6c5b02e167032374071cdc697a056efa1/toolkit/components/aboutmemory/content/aboutMemory.js#395
about:profiles
about:support
https://searchfox.org/mozilla-central/rev/88439dc6c5b02e167032374071cdc697a056efa1/toolkit/content/aboutSupport.xhtml#285
Assignee: nobody → ksteuber
Assignee | ||
Comment 2•7 years ago
|
||
Ah, there are also entry points for these pages in about:about. I think though that these are best removed in Bug 1421707. I will add that functionality to that patch.
Reporter | ||
Comment 3•7 years ago
|
||
I personally don't think it's necessary to remove the entries from about:about (and likely some of these other internal pages too). As long as accessing the page will still be blocked, that seems fine
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Assignee | ||
Updated•7 years ago
|
Attachment #8943075 -
Flags: review?(felipc)
Attachment #8943069 -
Flags: review?(felipc)
Reporter | ||
Comment 6•7 years ago
|
||
mozreview-review |
Comment on attachment 8943069 [details]
Bug 1429176 - Add enterprise policy to prevent access to about:support
https://reviewboard.mozilla.org/r/213352/#review219378
::: browser/components/enterprisepolicies/Policies.jsm:59
(Diff revision 1)
> + // Remove the "Help->Troubleshooting Information" menu item from all
> + // newly created windows
> + Services.obs.addObserver((subject, topic, data) => {
> + let win = subject.QueryInterface(Components.interfaces.nsIDOMWindow);
> + win.addEventListener("load", event => {
> + let doc = event.target;
> + let url = doc.location.href.split("?")[0].split("#")[0];
> + if (url == "chrome://browser/content/browser.xul") {
> + doc.getElementById("troubleShooting").disabled = true;
> + }
> + });
> + }, "chrome-document-global-created");
> +
> + // Remove the "Help->Troubleshooting Information" menu item from any
> + // existing windows. This may only be needed during testing.
> + let browserWindowEnum = Services.wm.getEnumerator("navigator:browser");
> + while (browserWindowEnum.hasMoreElements()) {
> + let chromeWin = browserWindowEnum.getNext();
> + chromeWin.document.getElementById("troubleShooting").disabled = true;
> + }
> + }
So the help menu already has an onpopupshowing function, https://searchfox.org/mozilla-central/rev/48cbb200aa027a0a379b6004b6196a167344b865/browser/base/content/baseMenuOverlay.xul#44
It will be much more lightweight to just consult isAllowed inside the buildHelpMenu and disable the menuitem there.
Attachment #8943069 -
Flags: review?(felipc)
Reporter | ||
Comment 7•7 years ago
|
||
mozreview-review |
Comment on attachment 8943075 [details]
Bug 1429176 - Add enterprise policy to prevent access to about:profiles
https://reviewboard.mozilla.org/r/213362/#review219384
Attachment #8943075 -
Flags: review?(felipc) → review+
Comment hidden (mozreview-request) |
Assignee | ||
Updated•7 years ago
|
Attachment #8943075 -
Flags: review?(bzbarsky)
Attachment #8943069 -
Flags: review?(felipc) → review?(bzbarsky)
Reporter | ||
Comment 9•7 years ago
|
||
mozreview-review |
Comment on attachment 8943069 [details]
Bug 1429176 - Add enterprise policy to prevent access to about:support
https://reviewboard.mozilla.org/r/213352/#review219404
Attachment #8943069 -
Flags: review+
Comment 10•7 years ago
|
||
mozreview-review |
Comment on attachment 8943069 [details]
Bug 1429176 - Add enterprise policy to prevent access to about:support
https://reviewboard.mozilla.org/r/213352/#review219510
Attachment #8943069 -
Flags: review?(bzbarsky) → review+
Comment 11•7 years ago
|
||
mozreview-review |
Comment on attachment 8943075 [details]
Bug 1429176 - Add enterprise policy to prevent access to about:profiles
https://reviewboard.mozilla.org/r/213362/#review219512
::: toolkit/content/aboutSupport.js:114
(Diff revision 1)
> let keyMozillaFound = data.keyMozillaFound ? "found" : "missing";
> $("key-mozilla-box").textContent = strings.GetStringFromName(keyMozillaFound);
>
> $("safemode-box").textContent = data.safeMode;
> +
> + if (!Services.policies.isAllowed("about:profiles")) {
Does thid code ever run on Android? Because $("about-profiles-row") doesn't exist on Android...
If this code can run there, it needs to null-check.
Attachment #8943075 -
Flags: review?(bzbarsky) → review+
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Assignee | ||
Comment 20•7 years ago
|
||
Felipe and I have determined that links/buttons will not be disabled if they point to a page that explains why it is disabled. I have updated these patches to reflect this.
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment 23•7 years ago
|
||
Pushed by ksteuber@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1cb0d5a14e4a
Add enterprise policy to prevent access to about:profiles r=bz,Felipe
https://hg.mozilla.org/integration/autoland/rev/9eb712d11904
Add enterprise policy to prevent access to about:support r=bz,Felipe
Comment 24•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1cb0d5a14e4a
https://hg.mozilla.org/mozilla-central/rev/9eb712d11904
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 60
Comment 25•7 years ago
|
||
We tested "BlockAboutProfiles" and "BlockAboutSupport" policies using JSON file. We verified these policies manually as fixed.
When these policies are in use, their respective pages become blocked. They also provide information to the user when blocked.
Test steps and runs are available here: https://testrail.stage.mozaws.net/index.php?/plans/view/7734
The bug will also be retested with ADMX files when it is ready for testing.
Updated•7 years ago
|
status-firefox59:
affected → ---
Comment 26•7 years ago
|
||
We retested this with adm policy format and it is verified as fixed. With these policies activated, the corresponding pages can be blocked.
Test cases and runs are here- https://testrail.stage.mozaws.net/index.php?/plans/view/8760
Comment 27•7 years ago
|
||
We retested this on beta builds[FX60] with ADM and JSON policy formats and it is verified as fixed.
Test cases and runs are here- https://testrail.stage.mozaws.net/index.php?/plans/view/8760
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•