Closed Bug 1471355 Opened Last year Closed Last year

Need to block chrome URLS when we block about: URLs

Categories

(Firefox :: Enterprise Policies, defect, P1)

defect

Tracking

()

VERIFIED FIXED
Firefox 63
Tracking Status
firefox62 --- verified
firefox63 --- verified

People

(Reporter: mkaply, Assigned: mkaply)

References

Details

Attachments

(1 file)

This is a clone of the previous bug specifically to fix in 62 and beyond due to Content policy changes.


+++ This bug was initially created as a clone of Bug #1453012 +++

We currently block about: URLS in the redirector, but these can be bypassed by typing the chrome URL directly in the URL bar (chrome://global/content/config.xul).

We need some mechanism to block that as well.

For 60, maybe we should just have the JS files for the various feature bail early if the policy is not enabled?

While we think of a longer term solution?

Affects

about:config
about:profiles
about:support
about:debugging
about:telemetry
Comment on attachment 8987974 [details]
Bug 1471355 - Block all chrome URLS if about: policy is active.

https://reviewboard.mozilla.org/r/253244/#review259816


Code analysis found 1 defect in this patch:
 - 1 defect found by mozlint

You can run this analysis locally with:
 - `./mach lint path/to/file` (JS/Python)


If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx


::: browser/components/enterprisepolicies/Policies.jsm:959
(Diff revision 1)
> +    return Ci.nsIContentPolicy.ACCEPT;
> +  },
> +  classDescription: "Policy Engine Content Policy",
> +  contractID: "@mozilla-org/policy-engine-content-policy-service;1",
> +  classID: Components.ID("{ba7b9118-cabc-4845-8b26-4215d2a59ed7}"),
> +  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]),

Error: Please use chromeutils.generateqi instead of xpcomutils.generateqi [eslint: mozilla/use-chromeutils-generateqi]
Status: NEW → ASSIGNED
Priority: -- → P1
Comment on attachment 8987974 [details]
Bug 1471355 - Block all chrome URLS if about: policy is active.

https://reviewboard.mozilla.org/r/253244/#review260586

nit: don't forget to address the eslint error mentioned
Attachment #8987974 - Flags: review?(felipc) → review+
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/7ba0b2abe799
Block all chrome URLS if about: policy is active. r=Felipe
https://hg.mozilla.org/mozilla-central/rev/7ba0b2abe799
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
Comment on attachment 8987974 [details]
Bug 1471355 - Block all chrome URLS if about: policy is active.

This is a policy only change IT's only needed on Rapid release, not ESR.

Approval Request Comment
[Feature/Bug causing the regression]: Change to nsIContentPolicy required new code
[User impact if declined]: Blocking about: URLs doesn't block chrome versions
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: Very low risk
[Why is the change risky/not risky?]: Policy only
[String changes made/needed]:
Attachment #8987974 - Flags: approval-mozilla-beta?
A note that "verified in nightly" means someone who isn't the developer or the reviewer, who can reproduce the original issue, verified that the fix works.
Comment on attachment 8987974 [details]
Bug 1471355 - Block all chrome URLS if about: policy is active.

Going from https://bugzilla.mozilla.org/show_bug.cgi?id=1453012#c12, it looks like this is a similar fix.  If the policy engine isn't ready for release users, is there urgency to get this onto 62?
> A note that "verified in nightly" means someone who isn't the developer or the reviewer, who can reproduce the original issue, verified that the fix works.

Thanks, I'll keep that in mind.

> Going from https://bugzilla.mozilla.org/show_bug.cgi?id=1453012#c12, it looks like this is a similar fix.  If the policy engine isn't ready for release users, is there urgency to get this onto 62?

60/61 were the releases where the policy engine wasn't ready for release users. We're targeting 62 as a release for enterprise to use because AutoConfig is going away in that release.
Comment on attachment 8987974 [details]
Bug 1471355 - Block all chrome URLS if about: policy is active.

Discussed on IRC with mkaply, let's take this for beta 10.
Attachment #8987974 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Blocks: 1479870
This bug was covered by the overall testing efforts invested in the New Enterprise Policies feature.

Marking this as verified fixed using Firefox 62.0b16 (BuildId:20180809104529) and Firefox 63.0a1(BuildId:20180813220525) on Windows 10 64bit and macOS 10.13.4
Status: RESOLVED → VERIFIED
Regressions: 1558866
You need to log in before you can comment on or make changes to this bug.