-
Andreea Costinas authored
Currently System-proxy sends the policy set credentials with every connect request to a remote proxy. Since less secure authentication schemes send the credentials in clear to the proxy, an attacker can easily obtain the policy set credentials. This CL allows admins to restrict the auth schemes for which System-proxy can use the policy set credentials. - manually tested proxies set by extensions (managed and user installed extensions) Bug: 1132247 Test: - browser_tests --gtest_filter=SystemProxyManagerPolicyCredentialsBrowserTest Change-Id: I4583762b565ec43bfdad8be4c6db87d3e2bec223 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2484444Reviewed-by:Pavol Marko <pmarko@chromium.org> Reviewed-by:
Omar Morsi <omorsi@google.com> Commit-Queue: Andreea-Elena Costinas <acostinas@google.com> Cr-Commit-Position: refs/heads/master@{#823964}
b43b430e
