caption: Block access to a list of URL patterns during authentication
desc: |-
Setting the policy prevents webpages with prohibited URLs from loading during user authentication (e.g. in the login screen and lock screen). It provides a list of URL patterns that specify forbidden URLs. Leaving the policy unset means no URLs are prohibited during authentication. Format the URL pattern according to this format ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ).
Exceptions to these patterns can be defined in the related policy <ph name="DEVICE_AUTHENTICATION_URL_ALLOWLIST_POLICY_NAME">DeviceAuthenticationURLAllowlist</ph>.
Certain URLs are necessary for authentication to succeed, including accounts.google.com, so they should not be blocked if online sign-in is required.
Note: This policy does not apply to in-page JavaScript URLs with dynamically loaded data. If you blocked example.com/abc, then example.com could still load it using XMLHTTPRequest.
device_only: true
example_value:
- example.com
- https://ssl.server.com
- hosting.com/bad_path
- https://server:8080/path
- .exact.hostname.com
- file://*
- custom_scheme:*
- '*'
features:
dynamic_refresh: true
per_profile: false
owners:
- [email protected]
- [email protected]
schema:
items:
type: string
type: array
supported_on:
- chrome_os:117-
tags:
- filtering
type: list
generate_device_proto: False
Codebase Browser
chromium