caption: Enable PAC URL stripping (for https://)
deprecated: true
desc: |-
Strips privacy and security sensitive parts of https:// URLs before passing them on to PAC scripts (Proxy Auto Config) used by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> during proxy resolution.
When True, the security feature is enabled, and https:// URLs are
stripped before submitting them to a PAC script. In this manner the PAC
script is not able to view data that is ordinarily protected by an
encrypted channel (such as the URL's path and query).
When False, the security feature is disabled, and PAC scripts are
implicitly granted the ability to view all components of an https://
URL. This applies to all PAC scripts regardless of origin (including
those fetched over an insecure transport, or discovered insecurely
through WPAD).
This defaults to True (security feature enabled).
It is recommended that this be set to True. The only reason to set it to
False is if it causes a compatibility problem with existing PAC scripts.
The policy will be removed in M75.
example_value: true
features:
dynamic_refresh: false
per_profile: false
owners:
- [email protected]
schema:
type: boolean
supported_on:
- chrome.*:52-74
- chrome_os:52-74
tags:
- system-security
type: main
Codebase Browser
chromium