From 9ffdf66393e2632d036e79d24c2d7268db3d7341 Mon Sep 17 00:00:00 2001 From: Tommy Date: Tue, 5 Dec 2023 03:51:49 -0700 Subject: [PATCH] Remove SSLErrorOverrideAllowed Signed-off-by: Tommy --- Linux/managed.json | 1 - README.md | 3 +-- macOS/Managed Preferences/com.microsoft.Edge.plist | 2 -- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/Linux/managed.json b/Linux/managed.json index 5e92c06..7704c8c 100644 --- a/Linux/managed.json +++ b/Linux/managed.json @@ -114,7 +114,6 @@ "RendererAppContainerEnabled": true, "RendererCodeIntegrityEnabled": true, "ResolveNavigationErrorsUseWebService": false, - "SSLErrorOverrideAllowed": false, "SearchSuggestEnabled": false, "ShowAcrobatSubscriptionButton": false, "ShowMicrosoftRewards": false, diff --git a/README.md b/README.md index 86a54c1..cfb757c 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ For corporate environments, you will need make approprieate changes, including b - Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones. - Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode. - Remove the uBlock Origin Lite extension whitelist. I am not aware of any way to block users from granting uBlock Origin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know. +- Set `SSLErrorOverrideAllowed` to false. - Further restrict permissions that websites can prompt for. - Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization. - Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings. @@ -17,8 +18,6 @@ For corporate environments, you will need make approprieate changes, including b The mandatory prolicies should be put in `/etc/opt/edge/policies/managed/managed.json`, and the recommended policies should be put in `/etc/opt/edge/policies/recommended/recommended.json` -The - ## macOS The mandatory prolicies should be put in `/Library/Managed Preferences/com.microsoft.Edge.plist`, and the recommended policies should be put in `/Library/Preferences/com.microsoft.Edge.plist` diff --git a/macOS/Managed Preferences/com.microsoft.Edge.plist b/macOS/Managed Preferences/com.microsoft.Edge.plist index 151bd0b..1346d6d 100644 --- a/macOS/Managed Preferences/com.microsoft.Edge.plist +++ b/macOS/Managed Preferences/com.microsoft.Edge.plist @@ -234,8 +234,6 @@ ResolveNavigationErrorsUseWebService - SSLErrorOverrideAllowed - SearchSuggestEnabled ShowAcrobatSubscriptionButton