Bug 1484843 - Add policy for disabling DNS over HTTPS. r=flod,Felipe,jkt, a=pascalc
authorMichael Kaply <mozilla@kaply.com>
Tue, 09 Oct 2018 19:06:57 +0000
changeset 490268 66ab8622488c
parent 490267 db5fb5feecf9
child 490269 f439e5f9e3d3
push id9969
push userryanvm@gmail.com
push dateThu, 11 Oct 2018 17:41:24 +0000
treeherdermozilla-beta@f439e5f9e3d3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersflod, Felipe, jkt, pascalc
bugs1484843
milestone63.0
Bug 1484843 - Add policy for disabling DNS over HTTPS. r=flod,Felipe,jkt, a=pascalc Differential Revision: https://phabricator.services.mozilla.com/D7743
browser/components/enterprisepolicies/Policies.jsm
browser/components/enterprisepolicies/schemas/policies-schema.json
browser/components/enterprisepolicies/tests/browser/browser_policies_simple_pref_policies.js
browser/locales/en-US/browser/policies/policies-descriptions.ftl
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -193,16 +193,36 @@ var Policies = {
           setAndLockPref("network.cookie.lifetimePolicy", newLifetimePolicy);
         } else {
           setDefaultPref("network.cookie.lifetimePolicy", newLifetimePolicy);
         }
       }
     },
   },
 
+  "DNSOverHTTPS": {
+    onBeforeAddons(manager, param) {
+      if ("Enabled" in param) {
+        let mode = param.Enabled ? 2 : 5;
+        if (param.Locked) {
+          setAndLockPref("network.trr.mode", mode);
+        } else {
+          setDefaultPref("network.trr.mode", mode);
+        }
+      }
+      if (param.ProviderURL) {
+        if (param.Locked) {
+          setAndLockPref("network.trr.uri", param.ProviderURL.href);
+        } else {
+          setDefaultPref("network.trr.uri", param.ProviderURL.href);
+        }
+      }
+    },
+  },
+
   "DisableAppUpdate": {
     onBeforeAddons(manager, param) {
       if (param) {
         manager.disallowFeature("appUpdate");
       }
     },
   },
 
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -136,16 +136,31 @@
         },
 
         "Locked": {
           "type": "boolean"
         }
       }
     },
 
+    "DNSOverHTTPS": {
+      "type": "object",
+      "properties": {
+        "Enabled": {
+          "type": "boolean"
+        },
+        "ProviderURL": {
+          "type": "URLorEmpty"
+        },
+        "Locked": {
+          "type": "boolean"
+        }
+      }
+    },
+
     "DisableAppUpdate": {
       "machine_only": true,
 
       "type": "boolean"
     },
 
     "DisableBuiltinPDFViewer": {
       "type": "boolean"
--- a/browser/components/enterprisepolicies/tests/browser/browser_policies_simple_pref_policies.js
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policies_simple_pref_policies.js
@@ -149,16 +149,45 @@ const POLICIES_TESTS = [
       "privacy.clearOnShutdown.downloads": true,
       "privacy.clearOnShutdown.formdata": true,
       "privacy.clearOnShutdown.history": true,
       "privacy.clearOnShutdown.sessions": true,
       "privacy.clearOnShutdown.siteSettings": true,
       "privacy.clearOnShutdown.offlineApps": true,
     },
   },
+
+  // POLICY: DNSOverHTTPS Locked
+  {
+    policies: {
+      "DNSOverHTTPS": {
+        "Enabled": true,
+        "ProviderURL": "http://example.com/provider",
+        "Locked": true,
+      },
+    },
+    lockedPrefs: {
+      "network.trr.mode": 2,
+      "network.trr.uri": "http://example.com/provider",
+    },
+  },
+
+  // POLICY: DNSOverHTTPS Unlocked
+  {
+    policies: {
+      "DNSOverHTTPS": {
+        "Enabled": false,
+        "ProviderURL": "http://example.com/provider",
+      },
+    },
+    unlockedPrefs: {
+      "network.trr.mode": 5,
+      "network.trr.uri": "http://example.com/provider",
+    },
+  },
 ];
 
 add_task(async function test_policy_remember_passwords() {
   for (let test of POLICIES_TESTS) {
     await setupPolicyEngineWithJson({
       "policies": test.policies,
     });
 
--- a/browser/locales/en-US/browser/policies/policies-descriptions.ftl
+++ b/browser/locales/en-US/browser/policies/policies-descriptions.ftl
@@ -65,16 +65,18 @@ policy-DisableSetDesktopBackground = Dis
 policy-DisableSystemAddonUpdate = Prevent the browser from installing and updating system add-ons.
 
 policy-DisableTelemetry = Turn off Telemetry.
 
 policy-DisplayBookmarksToolbar = Display the Bookmark Toolbar by default.
 
 policy-DisplayMenuBar = Display the Menu Bar by default.
 
+policy-DNSOverHTTPS = Configure DNS over HTTPS.
+
 policy-DontCheckDefaultBrowser = Disable check for default browser on startup.
 
 policy-EnableTrackingProtection = Enable or disable Content Blocking and optionally lock it.
 
 policy-Extensions = Install, uninstall or lock extensions. The Install option takes URLs or paths as parameters. The Uninstall and Locked options take extension IDs.
 
 policy-FlashPlugin = Allow or deny usage of the Flash plugin.