Open Bug 1888485 Opened 7 months ago Updated 2 months ago

SanitizeOnShutdown policy results in "Delete cookies" option being set, but not visibly locked

Categories

(Firefox :: Enterprise Policies, defect, P3)

defect

Tracking

()

UNCONFIRMED

People

(Reporter: pascal.reintjens, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

  1. Created a policies.json file with the following contents:
{
	"policies": {		
		"SanitizeOnShutdown": {
			"Cache": true,
			"Cookies": true,			
			"Downloads": true,
			"FormData": true,
			"Sessions": true,			
			"OfflineApps": true,
			"Locked": true
		}
	}	
}
  1. Subsequently, placed this file within the installation directory: C:\Program Files\Mozilla Firefox\distribution\policies.json
  2. restarted the browser and went to Settings > Privacy & Security > Cookie and Site Data
  3. unchecked the toggle Delete cookies and site data when Firefox is closed
  4. Restarted the Browser and went again to Settings > Privacy & Security > Cookie and Site Data

Actual results:

Delete cookies and site data when Firefox is closed on step 4 gets activated by the policy but is not grayed out. The user can deactivate the option but after restarting Firefox, the option is then activated again.

Expected results:

Delete cookies and site data when Firefox is closed should be grayed out so that the user doesn't think he can change it when it is enforced by SanitizeOnShutdown.

Summary: SanitizeOnShutdown policy results in "Delete cookies" option being set, but not visible locked → SanitizeOnShutdown policy results in "Delete cookies" option being set, but not visibly locked

The Bugbug bot thinks this bug should belong to the 'Toolkit::Data Sanitization' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Data Sanitization
Product: Firefox → Toolkit
Version: other → unspecified

Shorter policies.json to reproduce:

{
	"policies": {		
		"SanitizeOnShutdown": {
			"Cache": true,
			"Cookies": true,			
			"OfflineApps": true,
			"Locked": true
		}
	}	
}
See Also: → 1888451
Flags: needinfo?(hsohaney)

Do we know if this wasn't a bug from before? It looks like the checkbox in question isn't controlled by a pref, but rather is set in privacy.js
https://searchfox.org/mozilla-central/source/browser/components/preferences/privacy.js#2097

This could mean that it isn't controlled by a pref, and is not affected by the locking policies. This seems unrelated to the new clear history dialog, but is a bug!

Flags: needinfo?(hsohaney)
Severity: -- → S3
Priority: -- → P2
Assignee: nobody → hsohaney
Assignee: hsohaney → nobody
Component: Data Sanitization → Enterprise Policies
Product: Toolkit → Firefox

Hey Mike, could you help confirm if this issue is due to the checkbox not being directly controlled by a pref?

Flags: needinfo?(mozilla)
Priority: P2 → P3

Yes, this is definitely going to be related to that.

If something isn't a pref, it doesn't get automatic disabling, so we would need code that would check .locked on the preference.

Flags: needinfo?(mozilla)
You need to log in before you can comment on or make changes to this bug.