blob: 5c033a15e0a375ef21e884377137c2787f9df03d [file] [log] [blame]
{
# policy_templates.json - Metafile for policy templates
#
# The content of this file is evaluated as a Python expression.
#
# This file is used as input to generate the following policy templates:
# ADM, ADMX+ADML, MCX/plist and html documentation.
#
# Policy templates are user interface definitions or documents about the
# policies that can be used to configure Chrome. Each policy is a name-value
# pair where the value has a given type. Chrome looks up the values using the
# names of the policies. In the user interface where the values can be set,
# related policies might appear together in policy groups. The grouping is not
# visible to Chrome.
#
# This file contains a list of policies and groups. Each group contains a list
# of policies under the key 'policies'. All the policies and groups must have
# unique names. Group names are not exposed to Chrome at all.
#
# Each policy has a type. The currently implemented types:
# 'group': - not a real policy, contains a list of policies
# NOTE: Currently nesting groups inside other groups is not supported.
# 'string' - a string value
# 'int' - an integer value
# 'int-enum' - the user can select an integer value from a collection of
# items
# 'string-enum' - the user can select a string value from a collection of
# items
# 'string-enum-list' - the user can select a set of string values from a
# collection of items
# 'main' - a boolean value
# 'list' - a list of string values
# 'dict' - a dictionary value, containing other values indexed by strings
# NOTE: This type is not supported yet. http://crbug.com/108992
# 'external' - a policy that references external data.
# NOTE: This type is currently supported on Chrome OS only.
#
# Policy group descriptions, policy captions and similar texts are localized
# strings taken from the <message> nodes of the .grd file. Their name
# attributes are generated from the JSON keys.
# Each item (policy or group) may have the following messages:
# - description:
# Describes the item it applies to.
# - caption
# A short, one-line summary of the item it applies to. This can appear
# both in policy or group listings or on title bars of policy-setting
# windows.
# - label (Optional, defaults to caption if not specified.)
# A short, one-line summary of the item it applies to. The difference
# from caption is that label always appears next to the entry field
# where the value of the policy can be entered. 'main' policies on
# Windows ignore this. Policies on Mac are using this instead of caption.
#
# Generated grd names:
# Each name has two parts: the second part is either CAPTION, DESC or LABEL,
# and the first part identifies the item the text applies to:
# -For policies and groups:
# IDS_POLICY_<NAME OF THE POLICY OR GROUP>
# e.g. the name of the caption of policy HomepageLocation:
# IDS_POLICY_HOMEPAGELOCATION_CAPTION
# or other messages of the policy HomepageLocation:
# IDS_POLICY_HOMEPAGELOCATION_LABEL
# IDS_POLICY_HOMEPAGELOCATION_DESC
# -For enum items:
# IDS_POLICY_ENUM_<NAME OF THE ITEM>
# e.g. the name of the caption of ProxyServerDisabled:
# IDS_POLICY_ENUM_PROXYSERVERDISABLED_CAPTION
#
# Products and versions:
# Each policy has the list of products and version numbers where it is
# supported under the key 'supported_on'. Each item of this list has the
# form of 'product:since_version-until_version', which means that support
# for the policy in 'product' was introduced in 'since_version' and removed
# after 'until_version'. Product names may contain a suffix specifying a
# platform name, e.g.: 'chrome.win' is read as 'Chrome on Windows'. Version
# numbers can be any string that does not contain ':' or '-' characters.
#
# Currently supported product names:
# 'chrome_frame', 'chrome_os', 'android', 'ios',
# 'chrome.win', 'chrome.linux', 'chrome.mac', 'chrome.*'
# For example if 'chrome.*:5-10' is specified for a policy, then it should
# be read as:
# 'chrome.linux:5-10', 'chrome.mac:5-10', 'chrome.win:5-10'
#
# The product name also affects in which templates the policy is included:
# chrome.*, chrome.win, chrome_frame -> ADM, ADMX, ADML, doc
# chrome.*, chrome.linux -> JSON, doc
# chrome.*, chrome.mac -> plist, plist_strings, doc
# everything else -> doc
#
# The default list of policies supported by Chrome is also generated based
# on the product names:
# chrome.* -> Chrome policy definition list
# chrome_os -> Chrome policy definition list, when building OS_CHROMEOS
#
# Annotations:
# Additional information is specified under keys 'features' and
# 'example_value'. These are used in the generated documentation and example
# policy configuration files. 'dynamic_refresh' controls if the generated
# documentation should state that the policy supports dynamic refresh or not.
# Supporting dynamic refresh means that Chrome respects the changes to the
# policy immediately, without the need for restart.
# 'can_be_mandatory' can be set to False to exclude that policy in the
# mandatory policies template. This only affects the template generation;
# The default is True.
# 'can_be_recommended' can be set to True to include that policy in the
# recommended policies templates. This only affects the template generation;
# all policies can be at the recommended level. The default is False.
#
# The 'max_size' key is used to specify the maximal size of the external data
# that a policy can reference, in bytes. This annotation is compulsory for
# policies of type 'external'. It is ignored for all other policy types.
#
# The 'future' key is used to indicate that a policy isn't yet ready for
# usage. It defaults to False, and currently affects the generated policy
# templates and documentation. The policy definition list that Chrome sees
# will include policies marked with 'future'. If a WIP policy isn't meant to
# be seen by the policy providers either, the 'supported_on' key should be set
# to an empty list.
#
# IDs:
# Since a Protocol Buffer definition is generated from this file, unique and
# persistent IDs for all fields (but not for groups!) are needed. These are
# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
# because doing so would break the deployed wire format!
# For your editing convenience: highest ID currently used: 281
#
# Placeholders:
# The following placeholder strings are automatically substituted:
# $1 -> Google Chrome / Chromium
# $2 -> Google Chrome OS / Chromium OS
# $3 -> Google Chrome Frame / Chromium Frame
# $6 is reserved for doc_writer
#
# Device Policy:
# An additional flag device_only (optional, defaults to False) indicates
# that this policy is only supported as a device-level Cloud Policy.
# In that case no entry in the UserPolicy Protobuf is generated and
# it is assumed that it will be added to the DevicePolicy Protobuf manually.
#
# Enterprise defaults:
# An optional key 'default_for_enterprise_users' contains value that's set for
# enterprise users as a default.
#
'policy_definitions': [
{
'name': 'Homepage',
'type': 'group',
'caption': '''Home page''',
'desc': '''Configure the default home page in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing it.
The user's home page settings are only completely locked down, if you either select the home page to be the new tab page, or set it to be a URL and specify a home page URL. If you don't specify the home page URL, then the user is still able to set the home page to the new tab page by specifying 'chrome://newtab'.''',
'policies': [
{
'name': 'HomepageLocation',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://chromium.org',
'id': 1,
'caption': '''Configure the home page URL''',
'desc': '''Configures the default home page URL in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing it.
The home page is the page opened by the Home button. The pages that open on startup are controlled by the RestoreOnStartup policies.
The home page type can either be set to a URL you specify here or set to the New Tab Page. If you select the New Tab Page, then this policy does not take effect.
If you enable this setting, users cannot change their home page URL in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>, but they can still can choose the New Tab Page as their home page.
Leaving this policy not set will allow the user to choose his home page on his own if HomepageIsNewTabPage is not set too.''',
'label': '''Home page URL''',
},
{
'name': 'HomepageIsNewTabPage',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 2,
'caption': '''Use New Tab Page as homepage''',
'desc': '''Configures the type of the default home page in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing home page preferences. The home page can either be set to a URL you specify or set to the New Tab Page.
If you enable this setting, the New Tab Page is always used for the home page, and the home page URL location is ignored.
If you disable this setting, the user's homepage will never be the New Tab Page, unless its URL is set to 'chrome://newtab'.
If you enable or disable this setting, users cannot change their homepage type in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
Leaving this policy not set will allow the user to choose whether the new tab page is his home page on his own.''',
},
],
},
{
'name': 'DefaultBrowserSettingEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': True,
'id': 3,
'caption': '''Set <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> as Default Browser''',
'desc': '''Configures the default browser checks in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing them.
If you enable this setting, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will always check on startup whether it is the default browser and automatically register itself if possible.
If this setting is disabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will never check if it is the default browser and will disable user controls for setting this option.
If this setting is not set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will allow the user to control whether it is the default browser and whether user notifications should be shown when it isn't.''',
'label': '''Set <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> as Default Browser''',
},
{
'name': 'ApplicationLocaleValue',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.win:8-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': 'en',
'id': 4,
'caption': '''Application locale''',
'desc': '''Configures the application locale in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing the locale.
If you enable this setting, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses the specified locale. If the configured locale is not supported, 'en-US' is used instead.
If this setting is disabled or not set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses either the user-specified preferred locale (if configured), the system locale or the fallback locale 'en-US'.''',
'label': '''Application locale''',
},
{
'name': 'AlternateErrorPagesEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 5,
'caption': '''Enable alternate error pages''',
'desc': '''Enables the use of alternate error pages that are built into <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> (such as 'page not found') and prevents users from changing this setting.
If you enable this setting, alternate error pages are used.
If you disable this setting, alternate error pages are never used.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, this will be enabled but the user will be able to change it.''',
},
{
'name': 'SearchSuggestEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 6,
'caption': '''Enable search suggestions''',
'desc': '''Enables search suggestions in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>'s omnibox and prevents users from changing this setting.
If you enable this setting, search suggestions are used.
If you disable this setting, search suggestions are never used.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, this will be enabled but the user will be able to change it.''',
},
{
'name': 'DnsPrefetchingEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 7,
'caption': '''Enable network prediction''',
'desc': '''Enables network prediction in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
This controls not only DNS prefetching but also TCP and SSL preconnection and prerendering of web pages. The policy name refers to DNS prefetching for historical reasons.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, this will be enabled but the user will be able to change it.''',
},
{
'name': 'NetworkPredictionOptions',
'type': 'int-enum',
'schema': {
'type': 'integer',
'enum': [ 0, 1, 2 ],
},
'items': [
{
'name': 'NetworkPredictionAlways',
'value': 0,
'caption': '''Predict network actions on any network connection''',
},
{
'name': 'NetworkPredictionWifiOnly',
'value': 1,
'caption': '''Predict network actions on any network that is not
cellular''',
},
{
'name': 'NetworkPredictionNever',
'value': 2,
'caption': '''Do not predict network actions on any network connection''',
},
],
'supported_on': ['chrome.*:38-', 'chrome_os:38-', 'android:38-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 1,
'id': 273,
'caption': '''Enable network prediction''',
'desc': '''Enables network prediction in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
This controls DNS prefetching, TCP and SSL preconnection and prerendering of web pages.
If you set this preference to 'always', 'never', or 'WiFi only', users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, network prediction will be enabled but the user will be able to change it.''',
},
{
'name': 'WPADQuickCheckEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': [ 'chrome.*:35-', 'chrome_os:35-' ],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': True,
'id': 261,
'caption': '''Enable WPAD optimization''',
'desc': '''Enables WPAD optimization in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
Setting this to enabled causes <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> to wait for a shorter interval for DNS-based WPAD servers.
If this policy is left not set, this will be enabled and the user will not
be able to change it.''',
},
{
'name': 'DisableSpdy',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': True,
'id': 8,
'caption': '''Disable SPDY protocol''',
'desc': '''Disables use of the SPDY protocol in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is enabled the SPDY protocol will not be available in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
Setting this policy to disabled will allow the usage of SPDY.
If this policy is left not set, SPDY will be available.''',
},
{
'name': 'DisabledSchemes',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:12-', 'chrome_os:12-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'deprecated': True,
'example_value': ['file', 'https'],
'id': 85,
'caption': '''Disable URL protocol schemes''',
'desc': '''This policy is deprecated, please use URLBlacklist instead.
Disables the listed protocol schemes in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
URLs using a scheme from this list will not load and can not be navigated to.
If this policy is left not set or the list is empty all schemes will be accessible in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.''',
'label': '''List of disabled protocol schemes''',
},
{
'name': 'JavascriptEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'deprecated': True,
'example_value': True,
'id': 9,
'caption': '''Enable JavaScript''',
'desc': '''This policy is deprecated, please use DefaultJavaScriptSetting instead.
Can be used to disabled JavaScript in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this setting is disabled, web pages cannot use JavaScript and the user cannot change that setting.
If this setting is enabled or not set, web pages can use JavaScript but the user can change that setting.''',
},
{
'name': 'IncognitoEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:11-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'deprecated': True,
'example_value': False,
'id': 10,
'caption': '''Enable Incognito mode''',
'desc': '''This policy is deprecated. Please, use IncognitoModeAvailability instead.
Enables Incognito mode in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this setting is enabled or not configured, users can open web pages in incognito mode.
If this setting is disabled, users cannot open web pages in incognito mode.
If this policy is left not set, this will be enabled and the user will be able to use incognito mode.''',
},
{
'name': 'IncognitoModeAvailability',
'type': 'int-enum',
'schema': {
'type': 'integer',
'enum': [ 0, 1, 2 ],
},
'items': [
{
'name': 'Enabled',
'value': 0,
'caption': '''Incognito mode available''',
},
{
'name': 'Disabled',
'value': 1,
'caption': '''Incognito mode disabled''',
},
{
'name': 'Forced',
'value': 2,
'caption': '''Incognito mode forced''',
},
],
'supported_on': [
'chrome.*:14-',
'chrome_os:14-',
'android:30-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 1,
'id': 93,
'caption': '''Incognito mode availability''',
'desc': '''Specifies whether the user may open pages in Incognito mode in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode.
If 'Disabled' is selected, pages may not be opened in Incognito mode.
If 'Forced' is selected, pages may be opened ONLY in Incognito mode.''',
},
{
'name': 'SavingBrowserHistoryDisabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 11,
'caption': '''Disable saving browser history''',
'desc': '''Disables saving browser history in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
If this setting is enabled, browsing history is not saved. This setting also disables tab syncing.
If this setting is disabled or not set, browsing history is saved.''',
},
{
'name': 'AllowDeletingBrowserHistory',
'future': True,
'type': 'main',
'schema': { 'type': 'boolean' },
# TODO(pamg): Restore the correct 'supported' line when the UI properly
# shows that deleting browser history is disabled. Also fix the 'os' line
# in policy_test_cases.json.
# 'supported_on': ['chrome.*:27-', 'chrome_os:27-'],
'supported_on': [],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 187,
'caption': '''Enable deleting browser and download history''',
'desc': '''Enables deleting browser history and download history in <ph name="PRODUCT_NAME">$<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
Note that even with this policy disabled, the browsing and download history are not guaranteed to be retained: users may be able to edit or delete the history database files directly, and the browser itself may expire or archive any or all history items at any time.
If this setting is enabled or not set, browsing and download history can be deleted.
If this setting is disabled, browsing and download history cannot be deleted.''',
},
{
'name': 'RemoteAccess',
'type': 'group',
'caption': '''Configure remote access options''',
'desc': '''Configure remote access options in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
These features are ignored unless the Remote Access web application is installed.''',
'policies': [
{
'name': 'RemoteAccessClientFirewallTraversal',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:14-', 'chrome_os:14-'],
'features': {
'dynamic_refresh': True,
},
# Mark this 'removed' when http://crbug.com/100216 is resolved.
'deprecated': True,
'example_value': False,
'id': 94,
'caption': '''Enable firewall traversal from remote access client''',
'desc': '''This policy is no longer supported.
Enables usage of STUN and relay servers when connecting to a remote client.
If this setting is enabled, then this machine can discover and connect to remote host machines even if they are separated by a firewall.
If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine can only connect to host machines within the local network.''',
},
{
'name': 'RemoteAccessHostFirewallTraversal',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:14-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': False,
'id': 95,
'caption': '''Enable firewall traversal from remote access host''',
'desc': '''Enables usage of STUN servers when remote clients are trying to establish a connection to this machine.
If this setting is enabled, then remote clients can discover and connect to this machines even if they are separated by a firewall.
If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network.
If this policy is left not set the setting will be enabled.''',
},
{
'name': 'RemoteAccessHostDomain',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:22-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': 'my-awesome-domain.com',
'id': 154,
'caption': '''Configure the required domain name for remote access hosts''',
'desc': '''Configures the required host domain name that will be imposed on remote access hosts and prevents users from changing it.
If this setting is enabled, then hosts can be shared only using accounts registered on the specified domain name.
If this setting is disabled or not set, then hosts can be shared using any account.''',
},
{
'name': 'RemoteAccessHostRequireTwoFactor',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:22-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': False,
'id': 155,
'caption': '''Enable two-factor authentication for remote access hosts''',
'desc': '''Enables two-factor authentication for remote access hosts instead of a user-specified PIN.
If this setting is enabled, then users must provide a valid two-factor code when accessing a host.
If this setting is disabled or not set, then two-factor will not be enabled and the default behavior of having a user-defined PIN will be used.''',
},
{
'name': 'RemoteAccessHostTalkGadgetPrefix',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:22-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': 'chromoting-host',
'id': 156,
'caption': '''Configure the TalkGadget prefix for remote access hosts''',
'desc': '''Configures the TalkGadget prefix that will be used by remote access hosts and prevents users from changing it.
If specified, this prefix is prepended to the base TalkGadget name to create a full domain name for the TalkGadget. The base TalkGadget domain name is '.talkgadget.google.com'.
If this setting is enabled, then hosts will use the custom domain name when accessing the TalkGadget instead of the default domain name.
If this setting is disabled or not set, then the default TalkGadget domain name ('chromoting-host.talkgadget.google.com') will be used for all hosts.
Remote access clients are not affected by this policy setting. They will always use 'chromoting-client.talkgadget.google.com' to access the TalkGadget.''',
},
{
'name': 'RemoteAccessHostRequireCurtain',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:23-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': False,
'id': 157,
'caption': '''Enable curtaining of remote access hosts''',
'desc': '''Enables curtaining of remote access hosts while a connection is in progress.
If this setting is enabled, then hosts' physical input and output devices are disabled while a remote connection is in progress.
If this setting is disabled or not set, then both local and remote users can interact with the host when it is being shared.''',
},
{
'name': 'RemoteAccessHostAllowClientPairing',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': False,
'id': 234,
'caption': '''Enable or disable PIN-less authentication''',
'desc': '''If this setting is enabled or not configured, then users can opt to pair clients and hosts at connection time, eliminating the need to enter a PIN every time.
If this setting is disabled, then this feature will not be available.''',
},
{
'name': 'RemoteAccessHostAllowGnubbyAuth',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:35-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': True,
'id': 257,
'caption': '''Allow gnubby authentication''',
'desc': '''If this setting is enabled, then gnubby authentication requests will be proxied across a remote host connection.
If this setting is disabled or not configured, gnubby authentication requests will not be proxied.''',
},
{
'name': 'RemoteAccessHostAllowRelayedConnection',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:36-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': False,
'id': 263,
'caption': '''Enable the use of relay servers by the remote access host''',
'desc': '''Enables usage of relay servers when remote clients are trying to establish a connection to this machine.
If this setting is enabled, then remote clients can use relay servers to connect to this machine when a direct connection is not available (e.g. due to firewall restrictions).
Note that if the policy <ph name="REMOTEACCESSHOSTFIREWALLTRAVERSAL_POLICY_NAME">RemoteAccessHostFirewallTraversal</ph> is disabled, this policy will be ignored.
If this policy is left not set the setting will be enabled.''',
},
{
'name': 'RemoteAccessHostUdpPortRange',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:36-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': '12400-12409',
'id': 264,
'caption': '''Restrict the UDP port range used by the remote access host''',
'desc': '''Restricts the UDP port range used by the remote access host in this machine.
If this policy is left not set, or if it is set to an empty string, the remote access host will be allowed to use any available port, unless the policy <ph name="REMOTEACCESSHOSTFIREWALLTRAVERSAL_POLICY_NAME">RemoteAccessHostFirewallTraversal</ph> is disabled, in which case the remote access host will use UDP ports in the 12400-12409 range.''',
},
],
},
{
'name': 'PrintingEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:39-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 12,
'caption': '''Enable printing''',
'desc': '''Enables printing in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
If this setting is enabled or not configured, users can print.
If this setting is disabled, users cannot print from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. Printing is disabled in the wrench menu, extensions, JavaScript applications, etc. It is still possible to print from plugins that bypass <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> while printing. For example, certain Flash applications have the print option in their context menu, which is not covered by this policy.''',
},
{
'name': 'CloudPrintProxyEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:17-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 13,
'caption': '''Enable <ph name="CLOUD_PRINT_NAME">Google Cloud Print</ph> proxy''',
'desc': '''Enables <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> to act as a proxy between <ph name="CLOUD_PRINT_NAME">Google Cloud Print</ph> and legacy printers connected to the machine.
If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account.
If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it's printers with <ph name="CLOUD_PRINT_NAME">Google Cloud Print</ph>.''',
},
{
'name': 'ForceSafeSearch',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:25-', 'chrome_os:25-', 'android:30-'],
'features': {
'can_be_recommended': False,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': False,
'id': 162,
'caption': '''Force SafeSearch''',
'desc': '''Forces queries in Google Web Search to be done with SafeSearch set to active and prevents users from changing this setting. This setting also forces Safety Mode on YouTube.
If you enable this setting, SafeSearch in Google Search and YouTube is always active.
If you disable this setting or do not set a value, SafeSearch in Google Search and YouTube is not enforced.''',
},
{
'name': 'SafeBrowsingEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 14,
'caption': '''Enable Safe Browsing''',
'desc': '''Enables <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>'s Safe Browsing feature and prevents users from changing this setting.
If you enable this setting, Safe Browsing is always active.
If you disable this setting, Safe Browsing is never active.
If you enable or disable this setting, users cannot change or override the "Enable phishing and malware protection" setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, this will be enabled but the user will be able to change it.''',
},
{
'name': 'MetricsReportingEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': True,
'id': 15,
'caption': '''Enable reporting of usage and crash-related data''',
'desc': '''Enables anonymous reporting of usage and crash-related data about <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> to Google and prevents users from changing this setting.
If you enable this setting, anonymous reporting of usage and crash-related data is sent to Google.
If you disable this setting, anonymous reporting of usage and crash-related data is never sent to Google.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set the setting will be what the user chose upon installation / first run.''',
},
{
'name': 'PasswordManager',
'type': 'group',
'caption': '''Password manager''',
'desc': '''Configures the password manager. If the password manager is enabled, then you can choose to enable or disable whether the user may show stored passwords in clear text.''',
'policies': [
{
'name': 'PasswordManagerEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 16,
'caption': '''Enable the password manager''',
'desc': '''Enables saving passwords and using saved passwords in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If you enable this setting, users can have <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> memorize passwords and provide them automatically the next time they log in to a site.
If you disable this setting, users are not able to save passwords or use already saved passwords.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, this will be enabled but the user will be able to change it.''',
},
{
'name': 'PasswordManagerAllowShowPasswords',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': False,
'id': 17,
'caption': '''Allow users to show passwords in Password Manager''',
'desc': '''Controls whether the user may show passwords in clear text in the password manager.
If you disable this setting, the password manager does not allow showing stored passwords in clear text in the password manager window.
If you enable or do not set this policy, users can view their passwords in clear text in the password manager.''',
},
],
},
{
'name': 'AutoFillEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': False,
'id': 18,
'caption': '''Enable AutoFill''',
'desc': '''Enables <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>'s AutoFill feature and allows users to auto complete web forms using previously stored information such as address or credit card information.
If you disable this setting, AutoFill will be inaccessible to users.
If you enable this setting or do not set a value, AutoFill will remain under the control of the user. This will allow them to configure AutoFill profiles and to switch AutoFill on or off at their own discretion.''',
},
{
'name': 'DisabledPlugins',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['Java', 'Shockwave Flash', 'Chrome PDF Viewer'],
'id': 19,
'caption': '''Specify a list of disabled plugins''',
'desc': '''Specifies a list of plugins that are disabled in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\\', so to match actual '*', '?', or '\\' characters, you can put a '\\' in front of them.
If you enable this setting, the specified list of plugins is never used in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. The plugins are marked as disabled in 'about:plugins' and users cannot enable them.
Note that this policy can be overridden by EnabledPlugins and DisabledPluginsExceptions.
If this policy is left not set the user can use any plugin installed on the system except for hard-coded incompatible, outdated or dangerous plugins.''',
'label': '''List of disabled plugins''',
},
{
'name': 'EnabledPlugins',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:11-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['Java', 'Shockwave Flash', 'Chrome PDF Viewer'],
'id': 78,
'caption': '''Specify a list of enabled plugins''',
'desc': '''Specifies a list of plugins that are enabled in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing this setting.
The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\\', so to match actual '*', '?', or '\\' characters, you can put a '\\' in front of them.
The specified list of plugins is always used in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> if they are installed. The plugins are marked as enabled in 'about:plugins' and users cannot disable them.
Note that this policy overrides both DisabledPlugins and DisabledPluginsExceptions.
If this policy is left not set the user can disable any plugin installed on the system.''',
'label': '''List of enabled plugins''',
},
{
'name': 'DisabledPluginsExceptions',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:11-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['Java', 'Shockwave Flash', 'Chrome PDF Viewer'],
'id': 79,
'caption': '''Specify a list of plugins that the user can enable or disable''',
'desc': '''Specifies a list of plugins that user can enable or disable in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\\', so to match actual '*', '?', or '\\' characters, you can put a '\\' in front of them.
If you enable this setting, the specified list of plugins can be used in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. Users can enable or disable them in 'about:plugins', even if the plugin also matches a pattern in DisabledPlugins. Users can also enable and disable plugins that don't match any patterns in DisabledPlugins, DisabledPluginsExceptions and EnabledPlugins.
This policy is meant to allow for strict plugin blacklisting where the 'DisabledPlugins' list contains wildcarded entries like disable all plugins '*' or disable all Java plugins '*Java*' but the administrator wishes to enable some particular version like 'IcedTea Java 2.3'. This particular versions can be specified in this policy.
Note that both the plugin name and the plugin's group name have to be exempted. Each plugin group is shown in a separate section in about:plugins; each section may have one or more plugins. For example, the "Shockwave Flash" plugin belongs to the "Adobe Flash Player" group, and both names have to have a match in the exceptions list if that plugin is to be exempted from the blacklist.
If this policy is left not set any plugin that matches the patterns in the 'DisabledPlugins' will be locked disabled and the user won't be able to enable them.''',
'label': '''List of exceptions to the list of disabled plugins''',
},
{
'name': 'DisablePluginFinder',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:11-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': True,
'id': 66,
'caption': '''Specify whether the plugin finder should be disabled''',
'desc': '''If you set this setting to enabled the automatic search and installation of missing plugins will be disabled in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
Setting this option to disabled or leave it not set the plugin finder will be active.''',
'label': '''Disable plugin finder''',
},
{
'name': 'SyncDisabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 20,
'caption': '''Disable synchronization of data with Google''',
'desc': '''Disables data synchronization in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> using Google-hosted synchronization services and prevents users from changing this setting.
If you enable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set Google Sync will be available for the user to choose whether to use it or not.''',
},
{
'name': 'SigninAllowed',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:27-', 'android:38-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'deprecated': True,
'example_value': True,
'id': 190,
'caption': '''Allows sign in to <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>''',
'desc': '''This policy is deprecated, consider using SyncDisabled instead.
Allows the user to sign in to <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If you set this policy, you can configure whether a user is allowed to sign in to <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. Setting this policy to 'False' will prevent apps and extensions that use the chrome.identity API from functioning, so you may want to use SyncDisabled instead.''',
},
{
'name': 'EnableWebBasedSignin',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:35-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': False,
'id': 265,
'caption': '''Enables the old web-based signin''',
'desc': '''Enables the old web-based signin flow.
This setting is useful for enterprise customers who are using SSO solutions that are not compatible with the new inline signin flow yet.
If you enable this setting, the old web-based signin flow would be used.
If you disable this setting or leave it not set, the new inline signin flow would be used by default. Users may still enable the old web-based signin flow through the command line flag --enable-web-based-signin.
The experimental setting will be removed in the future when the inline signin fully supports all SSO signin flows.''',
},
{
'name': 'UserDataDir',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.win:11-', 'chrome.mac:11-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': '${users}/${user_name}/Chrome',
'id': 63,
'caption': '''Set user data directory''',
'desc': '''Configures the directory that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use for storing user data.
If you set this policy, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the provided directory regardless whether the user has specified the '--user-data-dir' flag or not.
See http://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default profile path will be used and the user will be able to override it with the '--user-data-dir' command line flag.''',
'label': '''Set user data directory''',
},
{
'name': 'DiskCacheDir',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:13-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': '${user_home}/Chrome_cache',
'id': 88,
'caption': '''Set disk cache directory''',
'desc': '''Configures the directory that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use for storing cached files on the disk.
If you set this policy, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the provided directory regardless whether the user has specified the '--disk-cache-dir' flag or not.
See http://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default cache directory will be used and the user will be able to override it with the '--disk-cache-dir' command line flag.''',
'label': '''Set disk cache directory''',
},
{
'name': 'DiskCacheSize',
'type': 'int',
'schema': { 'type': 'integer' },
'supported_on': ['chrome.*:17-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': 104857600,
'id': 110,
'caption': '''Set disk cache size in bytes''',
'desc': '''Configures the cache size that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use for storing cached files on the disk.
If you set this policy, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the provided cache size regardless whether the user has specified the '--disk-cache-size' flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.
If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.
If this policy is not set the default size will be used and the user will be able to override it with the --disk-cache-size flag.''',
'label': '''Set disk cache size''',
},
{
'name': 'MediaCacheSize',
'type': 'int',
'schema': { 'type': 'integer' },
'supported_on': ['chrome.*:17-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': 104857600,
'id': 111,
'caption': '''Set media disk cache size in bytes''',
'desc': '''Configures the cache size that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use for storing cached media files on the disk.
If you set this policy, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the provided cache size regardless whether the user has specified the '--media-cache-size' flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.
If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.
If this policy is not set the default size will be used and the user will be able to override it with the --media-cache-size flag.''',
'label': '''Set media disk cache size''',
},
{
'name': 'DownloadDirectory',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:11-', 'chrome_os:35-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': '/home/${user_name}/Downloads',
'id': 64,
'caption': '''Set download directory''',
'desc': '''Configures the directory that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use for downloading files.
If you set this policy, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the provided directory regardless whether the user has specified one or enabled the flag to be prompted for download location every time.
See http://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default download directory will be used and the user will be able to change it.''',
'label': '''Set download directory''',
},
{
'name': 'ClearSiteDataOnExit',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:11-28', 'chrome_os:11-28'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'deprecated': True,
'example_value': True,
'id': 65,
'caption': '''Clear site data on browser shutdown (deprecated)''',
'desc': '''This policy has been retired as of <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 29.''',
'label': '''Clear site data on browser shutdown (deprecated)''',
},
{
'name': 'Proxy',
'type': 'group',
'caption': '''Proxy server''',
'desc': '''Allows you to specify the proxy server used by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to auto detect the proxy server, all other options are ignored.
For detailed examples, visit:
<ph name="PROXY_HELP_URL">http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett<ex>http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett</ex></ph>
If you enable this setting, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> ignores all proxy-related options specified from the command line.
Leaving these policies not set will allow the users to choose the proxy settings on their own.''',
'policies': [
{
'name': 'ProxyMode',
'type': 'string-enum',
'schema': {
'type': 'string',
'enum': [
'direct',
'auto_detect',
'pac_script',
'fixed_servers',
'system'
],
},
'items': [
{
'name': 'ProxyDisabled',
'value': 'direct',
'caption': '''Never use a proxy''',
},
{
'name': 'ProxyAutoDetect',
'value': 'auto_detect',
'caption': '''Auto detect proxy settings''',
},
{
'name': 'ProxyPacScript',
'value': 'pac_script',
'caption': '''Use a .pac proxy script''',
},
{
'name': 'ProxyFixedServers',
'value': 'fixed_servers',
'caption': '''Use fixed proxy servers''',
},
{
'name': 'ProxyUseSystem',
'value': 'system',
'caption': '''Use system proxy settings''',
},
],
'supported_on': [
'chrome.*:10-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'direct',
'id': 21,
'caption': '''Choose how to specify proxy server settings''',
'desc': '''Allows you to specify the proxy server used by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to use system proxy settings or auto detect the proxy server, all other options are ignored.
If you choose fixed server proxy mode, you can specify further options in 'Address or URL of proxy server' and 'Comma-separated list of proxy bypass rules'.
If you choose to use a .pac proxy script, you must specify the URL to the script in 'URL to a proxy .pac file'.
For detailed examples, visit:
<ph name="PROXY_HELP_URL">http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett<ex>http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett</ex></ph>
If you enable this setting, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> ignores all proxy-related options specified from the command line.
Leaving this policy not set will allow the users to choose the proxy settings on their own.''',
},
{
'name': 'ProxyServerMode',
'type': 'int-enum',
'schema': {
'type': 'integer',
'enum': [ 0, 1, 2, 3 ],
},
'items': [
{
'name': 'ProxyServerDisabled',
'value': 0,
'caption': '''Never use a proxy''',
},
{
'name': 'ProxyServerAutoDetect',
'value': 1,
'caption': '''Auto detect proxy settings''',
},
{
'name': 'ProxyServerManual',
'value': 2,
'caption': '''Manually specify proxy settings''',
},
{
'name': 'ProxyServerUseSystem',
'value': 3,
'caption': '''Use system proxy settings''',
},
],
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'deprecated': True,
'example_value': 2,
'id': 22,
'caption': '''Choose how to specify proxy server settings''',
'desc': '''This policy is deprecated, use ProxyMode instead.
Allows you to specify the proxy server used by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to use system proxy settings or auto detect the proxy server, all other options are ignored.
If you choose manual proxy settings, you can specify further options in 'Address or URL of proxy server', 'URL to a proxy .pac file' and 'Comma-separated list of proxy bypass rules'.
For detailed examples, visit:
<ph name="PROXY_HELP_URL">http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett<ex>http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett</ex></ph>
If you enable this setting, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> ignores all proxy-related options specified from the command line.
Leaving this policy not set will allow the users to choose the proxy settings on their own.''',
},
{
'name': 'ProxyServer',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': '123.123.123.123:8080',
'id': 23,
'caption': '''Address or URL of proxy server''',
'desc': '''You can specify the URL of the proxy server here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.
You should leave this policy not set if you have selected any other mode for setting proxy policies.
For more options and detailed examples, visit:
<ph name="PROXY_HELP_URL">http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett<ex>http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett</ex></ph>''',
},
{
'name': 'ProxyPacUrl',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://internal.site/example.pac',
'id': 24,
'caption': '''URL to a proxy .pac file''',
'desc': '''You can specify a URL to a proxy .pac file here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.
You should leave this policy not set if you have selected any other mode for setting proxy policies.
For detailed examples, visit:
<ph name="PROXY_HELP_URL">http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett<ex>http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett</ex></ph>''',
},
{
'name': 'ProxyBypassList',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://www.example1.com,http://www.example2.com,http://internalsite/',
'id': 25,
'caption': '''Proxy bypass rules''',
'desc': '''<ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will bypass any proxy for the list of hosts given here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.
You should leave this policy not set if you have selected any other mode for setting proxy policies.
For more detailed examples, visit:
<ph name="PROXY_HELP_URL">http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett<ex>http://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-sett</ex></ph>''',
'label': '''Comma-separated list of proxy bypass rules''',
},
],
},
{
# TODO(joaodasilva): Make this the default and deprecate the other proxy
# policies once all providers are ready to load 'dict' policies.
# This is currently an internal policy.
# http://crbug.com/108992, http://crbug.com/108996
'name': 'ProxySettings',
'type': 'dict',
'schema': {
'type': 'object',
'properties': {
'ProxyMode': { 'type': 'string' },
'ProxyPacUrl': { 'type': 'string' },
'ProxyServer': { 'type': 'string' },
'ProxyBypassList': { 'type': 'string' },
'ProxyServerMode': { 'type': 'string' },
},
},
'supported_on': [
'chrome.*:18-',
'chrome_os:18-',
'android:30-',
'ios:34-',
],
'future': True,
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': { "ProxyMode": "direct" },
'id': 116,
'caption': '''Proxy settings''',
'desc': '''Configures the proxy settings for <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
This policy isn't ready for usage yet, please don't use it.''',
},
{
'name': 'HTTPAuthentication',
'type': 'group',
'caption': '''Policies for HTTP Authentication''',
'desc': '''Policies related to integrated HTTP authentication.''',
'policies': [
{
'name': 'AuthSchemes',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:9-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': 'basic,digest,ntlm,negotiate',
'id': 26,
'caption': '''Supported authentication schemes''',
'desc': '''Specifies which HTTP Authentication schemes are supported by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.
If this policy is left not set, all four schemes will be used.''',
},
{
'name': 'DisableAuthNegotiateCnameLookup',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:9-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': False,
'id': 27,
'caption': '''Disable CNAME lookup when negotiating Kerberos authentication''',
'desc': '''Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.
If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.
If you disable this setting or leave it not set, the canonical name of the server will be determined via CNAME lookup.''',
},
{
'name': 'EnableAuthNegotiatePort',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:9-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': False,
'id': 28,
'caption': '''Include non-standard port in Kerberos SPN''',
'desc': '''Specifies whether the generated Kerberos SPN should include a non-standard port.
If you enable this setting, and a non-standard port (i.e., a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN.
If you disable this setting or leave it not set, the generated Kerberos SPN will not include a port in any case.''',
},
{
'name': 'AuthServerWhitelist',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:9-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': '*example.com,foobar.com,*baz',
'id': 29,
'caption': '''Authentication server whitelist''',
'desc': '''Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> receives an authentication challenge from a proxy or from a server which is in this permitted list.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy not set <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will try to detect if a server is on the Intranet and only then will it respond to IWA requests. If a server is detected as Internet then IWA requests from it will be ignored by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.''',
},
{
'name': 'AuthNegotiateDelegateWhitelist',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:9-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': 'foobar.example.com',
'id': 30,
'caption': '''Kerberos delegation server whitelist''',
'desc': '''Servers that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> may delegate to.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy not set <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will not delegate user credentials even if a server is detected as Intranet.''',
},
{
'name': 'GSSAPILibraryName',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.linux:9-'],
'features': {
'dynamic_refresh': False,
'per_profile': False,
},
'example_value': 'libgssapi_krb5.so.2',
'id': 31,
'caption': '''GSSAPI library name''',
'desc': '''Specifies which GSSAPI library to use for HTTP Authentication. You can set either just a library name, or a full path.
If no setting is provided, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will fall back to using a default library name.''',
},
{
'name': 'AllowCrossOriginAuthPrompt',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:13-'],
'features': {
'dynamic_refresh': True,
'per_profile': False,
},
'example_value': False,
'id': 89,
'caption': '''Cross-origin HTTP Basic Auth prompts''',
'desc': '''Controls whether third-party sub-content on a page is allowed to pop-up an HTTP Basic Auth dialog box.
Typically this is disabled as a phishing defense. If this policy is not set, this is disabled and third-party sub-content will not be allowed to pop up a HTTP Basic Auth dialog box.''',
},
],
},
{
'name': 'Extensions',
'type': 'group',
'caption': '''Extensions''',
'desc': '''Configures extension-related policies. The user is not allowed to install blacklisted extensions unless they are whitelisted. You can also force <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> to automatically install extensions by specifying them in <ph name="EXTENSIONINSTALLFORCELIST_POLICY_NAME">ExtensionInstallForcelist</ph>. Force-installed extensions are installed regardless whether they are present in the blacklist.''',
'policies': [
{
'name': 'ExtensionInstallBlacklist',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['extension_id1', 'extension_id2'],
'id': 32,
'caption': '''Configure extension installation blacklist''',
'desc': '''Allows you to specify which extensions the users can NOT install. Extensions already installed will be removed if blacklisted.
A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.
If this policy is left not set the user can install any extension in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.''',
'label': '''Extension IDs the user should be prevented from installing (or * for all)''',
},
{
'name': 'ExtensionInstallWhitelist',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['extension_id1', 'extension_id2'],
'id': 33,
'caption': '''Configure extension installation whitelist''',
'desc': '''Allows you to specify which extensions are not subject to the blacklist.
A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist.
By default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy.''',
'label': '''Extension IDs to exempt from the blacklist''',
},
{
'name': 'ExtensionInstallForcelist',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:9-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx'],
'id': 34,
'caption': '''Configure the list of force-installed extensions''',
'desc': '''Allows you to specify a list of extensions that will be installed silently, without user interaction.
Each item of the list is a string that contains an extension ID and an update URL delimited by a semicolon (<ph name="SEMICOLON">;</ph>). The extension ID is the 32-letter string found e.g. on <ph name="CHROME_EXTENSIONS_LINK">chrome://extensions</ph> when in developer mode. The update URL should point to an Update Manifest XML document as described at <ph name="LINK_TO_EXTENSION_DOC1">https://developer.chrome.com/extensions/autoupdate</ph>. Note that the update URL set in this policy is only used for the initial installation; subsequent updates of the extension will use the update URL indicated in the extension's manifest.
For each item, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will retrieve the extension specified by the extension ID from the update service at the specified update URL and silently install it.
For example, <ph name="EXTENSION_POLICY_EXAMPLE">lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx</ph> installs the <ph name="EXTENSION_POLICY_EXAMPLE_EXTENSION_NAME">Google SSL Web Search</ph> extension from the standard Chrome Web Store update URL. For more information about hosting extensions, see: <ph name="LINK_TO_EXTENSION_DOC2">https://developer.chrome.com/extensions/hosting</ph>.
Users will be unable to uninstall extensions that are specified by this policy. If you remove an extension from this list, then it will be automatically uninstalled by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. Extensions specified in this list are also automatically whitelisted for installation; the ExtensionsInstallBlacklist does not affect them.
If this policy is left not set the user can uninstall any extension in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.''',
'label': '''Extension IDs and update URLs to be silently installed''',
},
{
'name': 'ExtensionInstallSources',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
'id': 'ExtensionInstallSources',
},
'supported_on': ['chrome.*:21-', 'chrome_os:21-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['https://corp.mycompany.com/*'],
'id': 148,
'caption': '''Configure extension, app, and user script install sources''',
'desc': '''Allows you to specify which URLs are allowed to install extensions, apps, and themes.
Starting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 21, it is more difficult to install extensions, apps, and user scripts from outside the Chrome Web Store. Previously, users could click on a link to a *.crx file, and <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> would offer to install the file after a few warnings. After <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 21, such files must be downloaded and dragged onto the <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> settings page. This setting allows specific URLs to have the old, easier installation flow.
Each item in this list is an extension-style match pattern (see https://developer.chrome.com/extensions/match_patterns). Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns.
ExtensionInstallBlacklist takes precedence over this policy. That is, an extension on the blacklist won't be installed, even if it happens from a site on this list.''',
'label': '''URL patterns to allow extension, app, and user script installs from''',
},
{
'name': 'ExtensionAllowedTypes',
'type': 'list',
'schema': {
'type': 'array',
'items': {
'type': 'string',
'enum': [
'extension',
'theme',
'user_script',
'hosted_app',
'legacy_packaged_app',
'platform_app'
],
},
'id': 'ExtensionAllowedTypes',
},
'supported_on': ['chrome.*:25-', 'chrome_os:25-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['hosted_app'],
'id': 168,
'caption': '''Configure allowed app/extension types''',
'desc': '''Controls which app/extension types are allowed to be installed.
This setting white-lists the allowed types of extension/apps that can be installed in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. The value is a list of strings, each of which should be one of the following: "extension", "theme", "user_script", "hosted_app", "legacy_packaged_app", "platform_app". See the <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> extensions documentation for more information on these types.
Note that this policy also affects extensions and apps to be force-installed via ExtensionInstallForcelist.
If this setting is configured, extensions/apps which have a type that is not on the list will not be installed.
If this settings is left not-configured, no restrictions on the acceptable extension/app types are enforced.''',
'label': '''Types of extensions/apps that are allowed to be installed''',
},
{
'name': 'ExtensionSettings',
'type': 'dict',
'schema': {
'type': 'object',
'patternProperties': {
'^[a-p]{32}$': {
'type': 'object',
'properties': {
'installation_mode': {
'type': 'string',
'enum': ['blocked', 'allowed', 'force_installed', 'normal_installed']
},
'update_url': { 'type': 'string' },
'blocked_permissions': {
'type': 'array',
'items': {
'type': 'string',
'pattern': '^[a-z][a-zA-Z.]*$',
},
'id': 'ListOfPermissions',
},
'allowed_permissions': {
'$ref': 'ListOfPermissions',
},
},
},
'^update_url:': {
'type': 'object',
'properties': {
'installation_mode': {
'type': 'string',
'enum': ['blocked', 'allowed']
},
'blocked_permissions': {
'$ref': 'ListOfPermissions',
},
'allowed_permissions': {
'$ref': 'ListOfPermissions',
},
},
},
},
'properties': {
'*': {
'type': 'object',
'properties': {
'installation_mode': {
'type': 'string',
'enum': ['blocked', 'allowed']
},
'blocked_permissions': {
'$ref': 'ListOfPermissions',
},
'install_sources': {
'$ref': 'ExtensionInstallSources',
},
'allowed_types': {
'$ref': 'ExtensionAllowedTypes',
},
},
},
},
},
'future': True,
'supported_on': ['chrome.*:40-', 'chrome_os:40-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': {
'abcdefghijklmnopabcdefghijklmnop' : {
'installation_mode': 'allowed',
'blocked_permissions': ['history'],
},
'bcdefghijklmnopabcdefghijklmnopa' : {
'installation_mode': 'force_installed',
'update_url': 'http://example.com/update_url',
'allowed_permissions': ['downloads'],
},
'update_url:http://www.example.com/update.xml': {
'blocked_permissions': ['wallpaper'],
},
'*': {
'installation_mode': 'blocked',
'blocked_permissions': ['downloads', 'bookmarks'],
'install_sources': ['http://company-intranet/chromeapps'],
'allowed_types': ['hosted_app'],
},
},
'id': 278,
'caption': 'Extension management settings',
'desc': '''Configures extension management settings for <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
This policy controls multiple settings, including settings controlled by any existing extension-related policies. This policy will override any legacy policies if both are set.
This policy maps an extension ID or an update URL to its configuration. With an extension ID, configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy. With an update URL, configuration will be applied to all extensions with the exact update URL stated in manifest of this extension, as described at <ph name="LINK_TO_EXTENSION_DOC1">https://developer.chrome.com/extensions/autoupdate</ph>.
The configuration for each extension (or extensions with same update URL) is another dictionary that can contain the fields documented below.
"installation_mode": maps to a string indicating the installation mode for the extension. The valid strings are:
* "allowed": allows the extension to be installed by the user. This is the default behavior.
* "blocked": blocks installation of the extension.
* "force_installed": the extension is automatically installed and can't be removed by the user.
* "normal_installed": the extension is automatically installed but can be disabled by the user.
The "installation_mode" can also be configured for multiple extensions as well, including the "*" extension (as default settings) and extensions with same update URL. Only the "allowed" and "blocked" values can be used in this case.
If the mode is set to "force_installed" or "normal_installed" then an "update_url" must be configured too. Note that the update URL set in this policy is only used for the initial installation; subsequent updates of the extension will use the update URL indicated in the extension's manifest. The update URL should point to an Update Manifest XML document as mentioned above.
"blocked_permissions": maps to a list of strings indicating the blocked API permissions for the extension. The permissions names are same as the permission strings declared in manifest of extension as described at <ph name="LINK_TO_EXTENSION_DOC3">https://developer.chrome.com/extensions/declare_permissions</ph>. This setting also can be configured for "*" extension. If the extension requires a permission which is on the blocklist, it will not be allowed to load. If it contains a blocked permission as optional requirement, it will be handled in the normal way, but requesting conflicting permissions will be declined automatically at runtime.
"allowed_permissions": similar to "blocked_permissions", but instead explicitly allow some permissions which might be blocked by global blocked permission list, thus can not be configured for "*" extension. Note that this setting doesn't give granted permissions to extensions automatically.
The following settings can be used only for the default "*" configuration:
"install_sources": Each item in this list is an extension-style match pattern (see https://developer.chrome.com/extensions/match_patterns). Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns.
"allowed_types": This setting whitelists the allowed types of extension/apps that can be installed in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. The value is a list of strings, each of which should be one of the following: "extension", "theme", "user_script", "hosted_app", "legacy_packaged_app", "platform_app". See the <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> extensions documentation for more information on these types.
This policy isn't ready for usage yet, please don't use it.
'''
},
],
},
{
'name': 'ShowHomeButton',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 35,
'caption': '''Show Home button on toolbar''',
'desc': '''Shows the Home button on <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>'s toolbar.
If you enable this setting, the Home button is always shown.
If you disable this setting, the Home button is never shown.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
Leaving this policy not set will allow the user to choose whether to show the home button.''',
},
{
'name': 'DeveloperToolsDisabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:9-', 'chrome_os:11-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': False,
'id': 36,
'caption': '''Disable Developer Tools''',
'desc': '''Disables the Developer Tools and the JavaScript console.
If you enable this setting, the Developer Tools can not be accessed and web-site elements can not be inspected anymore. Any keyboard shortcuts and any menu or context menu entries to open the Developer Tools or the JavaScript Console will be disabled.
Setting this option to disabled or leaving it not set will allow the use to use the Developer Tools and the JavaScript console.''',
},
{
'name': 'RestoreOnStartupGroup',
'type': 'group',
'caption': '''Startup pages''',
'desc': '''Allows you to configure the pages that are loaded on startup.
The contents of the list 'URLs to open at startup' are ignored unless you select 'Open a list of URLs' in 'Action on startup'.''',
'policies': [
{
'name': 'RestoreOnStartup',
'type': 'int-enum',
'schema': {
'type': 'integer',
'enum': [ 1, 4, 5 ],
},
'items': [
{
'name': 'RestoreOnStartupIsNewTabPage',
'value': 5,
'caption': '''Open New Tab Page''',
},
{
'name': 'RestoreOnStartupIsLastSession',
'value': 1,
'caption': '''Restore the last session''',
},
{
'name': 'RestoreOnStartupIsURLs',
'value': 4,
'caption': '''Open a list of URLs''',
},
],
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 4,
'id': 37,
'caption': '''Action on startup''',
'desc': '''Allows you to specify the behavior on startup.
If you choose 'Open New Tab Page' the New Tab Page will always be opened when you start <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If you choose 'Restore the last session', the URLs that were open last time <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> was closed will be reopened and the browsing session will be restored as it was left.
Choosing this option disables some settings that rely on sessions or that perform actions on exit (such as Clear browsing data on exit or session-only cookies).
If you choose 'Open a list of URLs', the list of 'URLs to open on startup' will be opened when a user starts <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If you enable this setting, users cannot change or override it in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
Disabling this setting is equivalent to leaving it not configured. The user will still be able to change it in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.''',
},
{
'name': 'RestoreOnStartupURLs',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:8-', 'chrome_os:11-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['http://example.com', 'http://chromium.org'],
'id': 38,
'caption': '''URLs to open on startup''',
'desc': '''If 'Open a list of URLs' is selected as the startup action, this allows you to specify the list of URLs that are opened. If left not set no URL will be opened on start up.
This policy only works if the 'RestoreOnStartup' policy is set to 'RestoreOnStartupIsURLs'.''',
},
],
},
{
'name': 'BlockThirdPartyCookies',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:10-', 'chrome_os:11-'],
'features': {
'can_be_recommended': True,
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': False,
'id': 39,
'caption': '''Block third party cookies''',
'desc': '''Blocks third party cookies.
Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar.
Disabling this setting allows cookies to be set by web page elements that are not from the domain that is in the browser's address bar and prevents users from changing this setting.
If this policy is left not set, third party cookies will be enabled but the user will be able to change that.''',
},
{
# TODO(joaodasilva): Flag these policies with 'can_be_recommended'
# after fixing http://crbug.com/106683
'name': 'DefaultSearchProvider',
'type': 'group',
'caption': '''Default search provider''',
'desc': '''Configures the default search provider. You can specify the default search provider that the user will use or choose to disable default search.''',
'policies': [
{
'name': 'DefaultSearchProviderEnabled',
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': True,
'id': 40,
'caption': '''Enable the default search provider''',
'desc': '''Enables the use of a default search provider.
If you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL.
You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider.
If you disable this setting, no search is performed when the user enters non-URL text in the omnibox.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
If this policy is left not set, the default search provider is enabled, and the user will be able to set the search provider list.''',
},
{
'name': 'DefaultSearchProviderName',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'My Intranet Search',
'id': 41,
'caption': '''Default search provider name''',
'desc': '''Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used.
This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderKeyword',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'mis',
'id': 42,
'caption': '''Default search provider keyword''',
'desc': '''Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider.
This policy is optional. If not set, no keyword will activate the search provider.
This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderSearchURL',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': [
'chrome.*:8-',
'chrome_os:11-',
'android:30-',
'ios:34-',
],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://search.my.company/search?q={searchTerms}',
'id': 43,
'caption': '''Default search provider search URL''',
'desc': '''Specifies the URL of the search engine used when doing a default search. The URL should contain the string '<ph name="SEARCH_TERM_MARKER">{searchTerms}</ph>', which will be replaced at query time by the terms the user is searching for.
This option must be set when the 'DefaultSearchProviderEnabled' policy is enabled and will only be respected if this is the case.''',
},
{
'name': 'DefaultSearchProviderSuggestURL',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://search.my.company/suggest?q={searchTerms}',
'id': 44,
'caption': '''Default search provider suggest URL''',
'desc': '''Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '<ph name="SEARCH_TERM_MARKER">{searchTerms}</ph>', which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no suggest URL will be used.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderInstantURL',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:10-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://search.my.company/suggest?q={searchTerms}',
'id': 45,
'caption': '''Default search provider instant URL''',
'desc': '''Specifies the URL of the search engine used to provide instant results. The URL should contain the string <ph name="SEARCH_TERM_MARKER">'{searchTerms}'</ph>, which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no instant search results will be provided.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderIconURL',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://search.my.company/favicon.ico',
'id': 46,
'caption': '''Default search provider icon''',
'desc': '''Specifies the favorite icon URL of the default search provider.
This policy is optional. If not set, no icon will be present for the search provider.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderEncodings',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['UTF-8', 'UTF-16', 'GB2312', 'ISO-8859-1'],
'id': 47,
'caption': '''Default search provider encodings''',
'desc': '''Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.
This policy is optional. If not set, the default will be used which is UTF-8.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderAlternateURLs',
'type': 'list',
'schema': {
'type': 'array',
'items': { 'type': 'string' },
},
'supported_on': ['chrome.*:24-', 'chrome_os:24-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': ['http://search.my.company/suggest#q={searchTerms}', 'http://search.my.company/suggest/search#q={searchTerms}'],
'id': 161,
'caption': '''List of alternate URLs for the default search provider''',
'desc': '''Specifies a list of alternate URLs that can be used to extract search terms from the search engine. The URLs should contain the string <ph name="SEARCH_TERM_MARKER">'{searchTerms}'</ph>, which will be used to extract the search terms.
This policy is optional. If not set, no alternate urls will be used to extract search terms.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderSearchTermsReplacementKey',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:25-', 'chrome_os:25-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'espv',
'id': 171,
'caption': '''Parameter controlling search term placement for the default search provider''',
'desc': '''If this policy is set and a search URL suggested from the omnibox contains this parameter in the query string or in the fragment identifier, then the suggestion will show the search terms and search provider instead of the raw search URL.
This policy is optional. If not set, no search term replacement will be performed.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderImageURL',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:29-', 'chrome_os:29-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://search.my.company/searchbyimage/upload',
'id': 229,
'caption': '''Parameter providing search-by-image feature for the default search provider''',
'desc': '''Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.
This policy is optional. If not set, no image search will be used.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderNewTabURL',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:30-', 'chrome_os:30-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'http://search.my.company/newtab',
'id': 237,
'caption': '''Default search provider new tab page URL''',
'desc': '''Specifies the URL that a search engine uses to provide a new tab page.
This policy is optional. If not set, no new tab page will be provided.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderSearchURLPostParams',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:29-', 'chrome_os:29-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'q={searchTerms},ie=utf-8,oe=utf-8',
'id': 230,
'caption': '''Parameters for search URL which uses POST''',
'desc': '''Specifies the parameters used when searching a URL with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderSuggestURLPostParams',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:29-', 'chrome_os:29-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'q={searchTerms},ie=utf-8,oe=utf-8',
'id': 231,
'caption': '''Parameters for suggest URL which uses POST''',
'desc': '''Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, suggest search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderInstantURLPostParams',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:29-', 'chrome_os:29-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'q={searchTerms},ie=utf-8,oe=utf-8',
'id': 232,
'caption': '''Parameters for instant URL which uses POST''',
'desc': '''Specifies the parameters used when doing instant search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, instant search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
{
'name': 'DefaultSearchProviderImageURLPostParams',
'type': 'string',
'schema': { 'type': 'string' },
'supported_on': ['chrome.*:29-', 'chrome_os:29-', 'android:30-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
},
'example_value': 'content={imageThumbnail},url={imageURL},sbisrc={SearchSource}',
'id': 233,
'caption': '''Parameters for image URL which uses POST''',
'desc': '''Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.
This policy is optional. If not set, image search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.''',
},
],
},
{
# TODO(joaodasilva): Flag these policies with 'can_be_recommended'
# after fixing http://crbug.com/106682
'name': 'ContentSettings',
'type': 'group',