Bug 1453012 - Block all chrome URLS if about: policy is active. r?felipe draft
authorMichael Kaply <mozilla@kaply.com>
Wed, 11 Apr 2018 14:40:17 -0500
changeset 780677 0a395fb2aa5fb8e52a0475c4eec05336ff735ebc
parent 780654 2906b68565838730bbcab48ba59f89c6f9810527
push id106080
push usermozilla@kaply.com
push dateWed, 11 Apr 2018 19:40:36 +0000
reviewersfelipe
bugs1453012
milestone60.0
Bug 1453012 - Block all chrome URLS if about: policy is active. r?felipe MozReview-Commit-ID: IP5uaYjhooA
browser/components/enterprisepolicies/Policies.jsm
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -73,42 +73,42 @@ var Policies = {
         setAndLockPref("network.automatic-ntlm-auth.trusted-uris", param.NTLM.join(", "));
       }
     }
   },
 
   "BlockAboutAddons": {
     onBeforeUIStartup(manager, param) {
       if (param) {
-        manager.disallowFeature("about:addons", true);
+        blockAboutPage(manager, "about:addons", true);
       }
     }
   },
 
   "BlockAboutConfig": {
     onBeforeUIStartup(manager, param) {
       if (param) {
-        manager.disallowFeature("about:config", true);
+        blockAboutPage(manager, "about:config", true);
         setAndLockPref("devtools.chrome.enabled", false);
       }
     }
   },
 
   "BlockAboutProfiles": {
     onBeforeUIStartup(manager, param) {
       if (param) {
-        manager.disallowFeature("about:profiles", true);
+        blockAboutPage(manager, "about:profiles", true);
       }
     }
   },
 
   "BlockAboutSupport": {
     onBeforeUIStartup(manager, param) {
       if (param) {
-        manager.disallowFeature("about:support", true);
+        blockAboutPage(manager, "about:support", true);
       }
     }
   },
 
   "Bookmarks": {
     onAllWindowsRestored(manager, param) {
       BookmarksPolicies.processBookmarks(param);
     }
@@ -197,19 +197,19 @@ var Policies = {
 
   "DisableDeveloperTools": {
     onBeforeAddons(manager, param) {
       if (param) {
         setAndLockPref("devtools.policy.disabled", true);
         setAndLockPref("devtools.chrome.enabled", false);
 
         manager.disallowFeature("devtools");
-        manager.disallowFeature("about:devtools");
-        manager.disallowFeature("about:debugging");
-        manager.disallowFeature("about:devtools-toolbox");
+        blockAboutPage(manager, "about:devtools");
+        blockAboutPage(manager, "about:debugging");
+        blockAboutPage(manager, "about:devtools-toolbox");
       }
     }
   },
 
   "DisableFeedbackCommands": {
     onBeforeUIStartup(manager, param) {
       if (param) {
         manager.disallowFeature("feedbackCommands");
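Review bot: Routing the `about:devtools`, `about:debugging` and `about:devtools-toolbox` calls through `blockAboutPage` means `DisableDeveloperTools` now also installs the browser-wide chrome:// document block, which neither the policy name nor the commit title ("about: policy") would lead an administrator to expect. The same applies to `DisablePrivateBrowsing`, `DisableTelemetry` and `InstallAddonsPermission` (when `Default` is false) in the later hunks. If that scope is intended, say so next to these calls, e.g. `// Also enables the global chrome:// document block (see blockAboutPage).`, and in the policy's user-facing description. If it is not intended, keep `manager.disallowFeature(...)` for these policies and reserve `blockAboutPage` for the BlockAbout* ones. The `Policies` object starts and ends outside this hunk.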
@@ -272,17 +272,17 @@ var Policies = {
       }
     }
   },
 
   "DisablePrivateBrowsing": {
     onBeforeAddons(manager, param) {
       if (param) {
         manager.disallowFeature("privatebrowsing");
-        manager.disallowFeature("about:privatebrowsing", true);
+        blockAboutPage(manager, "about:privatebrowsing", true);
         setAndLockPref("browser.privatebrowsing.autostart", false);
       }
     }
   },
 
   "DisableProfileImport": {
     onBeforeUIStartup(manager, param) {
       if (param) {
@@ -337,17 +337,17 @@ var Policies = {
     }
   },
 
   "DisableTelemetry": {
     onBeforeAddons(manager, param) {
       if (param) {
         setAndLockPref("datareporting.healthreport.uploadEnabled", false);
         setAndLockPref("datareporting.policy.dataSubmissionEnabled", false);
-        manager.disallowFeature("about:telemetry");
+        blockAboutPage(manager, "about:telemetry");
       }
     }
   },
 
   "DisplayBookmarksToolbar": {
     onBeforeUIStartup(manager, param) {
       let value = (!param).toString();
       // This policy is meant to change the default behavior, not to force it.
@@ -529,17 +529,17 @@ var Policies = {
   "InstallAddonsPermission": {
     onBeforeUIStartup(manager, param) {
       if ("Allow" in param) {
         addAllowDenyPermissions("install", param.Allow, null);
       }
       if ("Default" in param) {
         setAndLockPref("xpinstall.enabled", param.Default);
         if (!param.Default) {
-          manager.disallowFeature("about:debugging");
+          blockAboutPage(manager, "about:debugging");
         }
       }
     }
   },
 
   "NoDefaultBookmarks": {
     onProfileAfterChange(manager, param) {
       if (param) {
@@ -839,8 +839,55 @@ function runOncePerModification(actionNa
   let oldPolicyValue = Services.prefs.getStringPref(prefName, undefined);
   if (policyValue === oldPolicyValue) {
     log.debug(`Not running action ${actionName} again because the policy's value is unchanged`);
     return;
   }
   Services.prefs.setStringPref(prefName, policyValue);
   callback();
 }
+
+let gChromeURLSBlocked = false;
+
+// If any about page is blocked, we block the loading of all
+// chrome:// URLs in the browser window.
+function blockAboutPage(manager, feature, neededOnContentProcess = false) {
+  manager.disallowFeature(feature, neededOnContentProcess);
+  if (!gChromeURLSBlocked) {
+    blockAllChromeURLs();
+    gChromeURLSBlocked = true;
+  }
+}
+
+let ChromeURLBlockPolicy = {
+  shouldLoad(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
+    if (aContentLocation.scheme == "chrome" &&
+        aContentType == Ci.nsIContentPolicy.TYPE_DOCUMENT &&
+        aRequestOrigin &&
+        aRequestOrigin.spec == "chrome://browser/content/browser.xul" &&
+        aContentLocation.host != "mochitests") {
+      return Ci.nsIContentPolicy.REJECT_REQUEST;
+    }
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+  shouldProcess(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+  classDescription: "Policy Engine Content Policy",
+  contractID: "@mozilla-org/policy-engine-content-policy-service;1",
+  classID: Components.ID("{ba7b9118-cabc-4845-8b26-4215d2a59ed7}"),
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]),
+  createInstance(outer, iid) {
+    return this.QueryInterface(iid);
+  },
+};
+
+
+function blockAllChromeURLs() {
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  registrar.registerFactory(ChromeURLBlockPolicy.classID,
+                            ChromeURLBlockPolicy.classDescription,
+                            ChromeURLBlockPolicy.contractID,
+                            ChromeURLBlockPolicy);
+
+  let cm = Cc["@mozilla.org/categorymanager;1"].getService(Ci.nsICategoryManager);
+  cm.addCategoryEntry("content-policy", ChromeURLBlockPolicy.contractID, ChromeURLBlockPolicy.contractID, false, true);
+}
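Review bot: `ChromeURLBlockPolicy.shouldLoad` fails open: it rejects only when `aRequestOrigin` is non-null and its spec is exactly `chrome://browser/content/browser.xul`, so a document load that arrives with a null origin or from any other chrome window is accepted, and the `mochitests` host exemption is part of the shipping policy rather than test-only code. Since this is an enterprise lockdown control, the comment above `blockAboutPage` should state which load paths are meant to be covered and why the rest are allowed, for example `// Only chrome:// document loads requested by browser.xul are rejected; a null request origin is accepted because <reason>.`, and a test should pin that the chrome:// URL behind a blocked about: page cannot be opened in a tab. Separately, the contractID is spelled `@mozilla-org/...` while the category manager lookup in `blockAllChromeURLs` uses the usual `@mozilla.org/...` form; `"@mozilla.org/policy-engine-content-policy-service;1"` would match it. The factory also appears to be registered only in the process that runs these policy callbacks, so it is worth confirming whether loads in content processes need the same policy for the pages passed with `neededOnContentProcess` set to true.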