Codebase Browser
chromium
Go to App

chromium/components/policy/resources/templates/policy_definitions/Miscellaneous/AlwaysOnVpnPreConnectUrlAllowlist.yaml 

caption: Allow user browser access to a list of URLs while Always-on VPN is active in strict mode with lockdown enabled and the VPN is not connected
desc: |-
  This policy only applies to browser traffic; the Play Store, Android apps web navigation and other user traffic like Linux VM traffic or print jobs, still honor the restrictions imposed by the Always-on VPN. This policy is only enforced while the VPN is not connected and only for user browser traffic. While this policy is enforced, system traffic can also bypass the Always-on VPN to perform tasks like policy fetches and synchronizing the system clock.

  Use this policy to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths, using the format specified at https://support.google.com/chrome/a?p=url_blocklist_filter_format. The most specific filter determines if a URL is blocked or allowed.

  If the <ph name="ALWAYSON_VPN_PRE_CONNECT_URL_ALLOWLIST_POLICY_NAME">AlwaysOnVpnPreConnectUrlAllowlist</ph> is set, an Always-on VPN is configured and the Always-on VPN is not connected, navigation to all hosts is blocked, except for those allowed by the <ph name="ALWAYSON_VPN_PRE_CONNECT_URL_ALLOWLIST_POLICY_NAME">AlwaysOnVpnPreConnectUrlAllowlist</ph> policy. In this device state, the <ph name="URL_BLOCKLIST_POLICY_NAME">URLBlocklist</ph> and <ph name="URL_ALLOWLIST_POLICY_NAME">URLAllowlist</ph> are ignored. When the Always-on VPN connects, the <ph name="URL_BLOCKLIST_POLICY_NAME">URLBlocklist</ph> and <ph name="URL_ALLOWLIST_POLICY_NAME">URLAllowlist</ph> policies are applied and the <ph name="ALWAYSON_VPN_PRE_CONNECT_URL_ALLOWLIST_POLICY_NAME">AlwaysOnVpnPreConnectUrlAllowlist</ph> policy is ignored.

  This policy is limited to 1,000 entries.

  Leaving the policy unset prevents any browser navigation while the Always-on VPN with strict mode is active and the VPN is not connected.

example_value:
- example.com
- https://ssl.server.com
- hosting.com/good_path
- https://server:8080/path
- .exact.hostname.com
features:
  dynamic_refresh: true
  per_profile: true
supported_on:
- chrome_os:122-
owners:
- [email protected]
- [email protected]
schema:
  items:
    type: string
  type: array
tags: []
type: list