1
0
mirror of https://github.com/TommyTran732/Microsoft-Edge-Policies synced 2024-11-04 10:11:33 -05:00

Remove SSLErrorOverrideAllowed

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-12-05 03:51:49 -07:00
parent c9c3bae861
commit 9ffdf66393
No known key found for this signature in database
GPG Key ID: D30DEC268D3FEB17
3 changed files with 1 additions and 5 deletions

View File

@ -114,7 +114,6 @@
"RendererAppContainerEnabled": true, "RendererAppContainerEnabled": true,
"RendererCodeIntegrityEnabled": true, "RendererCodeIntegrityEnabled": true,
"ResolveNavigationErrorsUseWebService": false, "ResolveNavigationErrorsUseWebService": false,
"SSLErrorOverrideAllowed": false,
"SearchSuggestEnabled": false, "SearchSuggestEnabled": false,
"ShowAcrobatSubscriptionButton": false, "ShowAcrobatSubscriptionButton": false,
"ShowMicrosoftRewards": false, "ShowMicrosoftRewards": false,

View File

@ -9,6 +9,7 @@ For corporate environments, you will need make approprieate changes, including b
- Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones. - Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
- Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode. - Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
- Remove the uBlock Origin Lite extension whitelist. I am not aware of any way to block users from granting uBlock Origin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know. - Remove the uBlock Origin Lite extension whitelist. I am not aware of any way to block users from granting uBlock Origin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know.
- Set `SSLErrorOverrideAllowed` to false.
- Further restrict permissions that websites can prompt for. - Further restrict permissions that websites can prompt for.
- Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization. - Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization.
- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings. - Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.
@ -17,8 +18,6 @@ For corporate environments, you will need make approprieate changes, including b
The mandatory prolicies should be put in `/etc/opt/edge/policies/managed/managed.json`, and the recommended policies should be put in `/etc/opt/edge/policies/recommended/recommended.json` The mandatory prolicies should be put in `/etc/opt/edge/policies/managed/managed.json`, and the recommended policies should be put in `/etc/opt/edge/policies/recommended/recommended.json`
The
## macOS ## macOS
The mandatory prolicies should be put in `/Library/Managed Preferences/com.microsoft.Edge.plist`, and the recommended policies should be put in `/Library/Preferences/com.microsoft.Edge.plist` The mandatory prolicies should be put in `/Library/Managed Preferences/com.microsoft.Edge.plist`, and the recommended policies should be put in `/Library/Preferences/com.microsoft.Edge.plist`

View File

@ -234,8 +234,6 @@
<true /> <true />
<key>ResolveNavigationErrorsUseWebService</key> <key>ResolveNavigationErrorsUseWebService</key>
<false /> <false />
<key>SSLErrorOverrideAllowed</key>
<false />
<key>SearchSuggestEnabled</key> <key>SearchSuggestEnabled</key>
<false /> <false />
<key>ShowAcrobatSubscriptionButton</key> <key>ShowAcrobatSubscriptionButton</key>