I believe you're looking for https://chromeenterprise.google/policies/#OriginAgentClusterDefaultEnabled, which appears to be supported as of version 100.
Charlie On Mon, Mar 7, 2022 at 9:07 AM T K <[email protected]> wrote: > Hi , > When will the Enterprise Policy be released, and how it will look like? > For on premise customers patching the system, it is a long process that > might take more than M106 (around September) > Thanks, > Tuvia. > > > On Monday, February 14, 2022 at 7:28:18 PM UTC+2 Daniel Vogelheim wrote: > >> Hi all, just a brief update: >> >> - The warning should go live on M100 >> <https://chromiumdash.appspot.com/schedule?mstone=100>. >> - Flipping the default is planned for M106 but there'll be a >> separate intent (and thus additional discussion), as requested. >> - A deprecation warning for cross-domain access (based on previous >> document.domain setting) is in the works, and will either make it to M100 >> also, or will land shortly after. >> - Additional info: Blog post >> <https://developer.chrome.com/blog/immutable-document-domain/>; plus >> some technical notes >> <https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/document-domain.md> >> . >> >> On Wed, Jan 26, 2022 at 5:35 PM Daniel Bratell <[email protected]> wrote: >> >>> LGTM3 >>> >>> /Daniel >>> On 2022-01-14 13:58, Daniel Vogelheim wrote: >>> >>> Hi all, >>> Hi Yoav, >>> >>> Thanks for the feedback. I'd like to modify the intent timeline as >>> follows: >>> >>> M99: Start showing a deprecation warning. >>> M99-105: Watch use counters + outreach to top-N users. >>> M105: Deprecate the feature by default. >>> >>> Enabling/disabling will be via Finch, so we have an emergency shut-off. >>> >>> An enterprise policy is already in place. >>> >>> On Wed, Jan 12, 2022 at 6:45 PM Yoav Weiss <[email protected]> wrote: >>> >>>> Hey Daniel! >>>> >>>> While searching for this intent review, I stumbled upon >>>> https://developer.chrome.com/blog/immutable-document-domain/ >>>> That's a useful piece of documentation! Thanks +Eiji Kitamura!! >>>> >>>> This intent was just discussed at the API owner meeting (where Chris, >>>> Rego, Daniel, Philip, Alex, MikeT and myself were present). >>>> This change seems risky in terms of potential breakage when looking at >>>> our stats, and that's even before talking about enterprises, where a lot of >>>> the API owners feel the risk is even higher. >>>> >>>> Given that, here's a few potential next steps to try and reduce that >>>> risk: >>>> >>>> - UKM and outreach to specific large users of the API can maybe >>>> help drive the usage down. >>>> >>>> >>> Will do. With Lutz' help I just checked the UKM we have on this, and it >>> seems the usage is quite heavily concentrated on large sites. The >>> top-quartile of remaining public usage is just 9 sites; top-half is ~35. >>> We'll try to reach out to them. >>> >>> >>>> >>>> - A deprecation period of 3 milestones feels a bit short here. Is >>>> the expectation that turning on the opt-out header can be done under >>>> that >>>> period? >>>> >>>> As above, we'll happily go up on this. >>> >>> My reasoning why 3 milestones would be reasonable was that there is a >>> "safe" opt-out. That is, if one wishes to preserve old behaviour, or isn't >>> sure, or just wants to postpone the issue, one can just add >>> 'Origin-Agent-Cluster: ?0" and deal with it later. This is quite different >>> from e.g. CSP, where adding new CSP headers might require a lot of work and >>> testing. >>> >>> >>>> >>>> - A report-only mode could have allowed sites to try and enable >>>> this, without risking actual breakage for their documents/properties >>>> that >>>> use document.domain. This is doubly true for platforms that want to warn >>>> their customers about this upcoming deprecation, but without taking >>>> risks >>>> on their behalf. At the same time, it is true that they could collect >>>> deprecation reports (thanks for adding those!) instead during the >>>> deprecation period, which can be considered an on-by-default report-only >>>> mode. Can y'all add specific guidance on deprecation reports to the >>>> documentation? >>>> >>>> >>> We see the deprecation warning - without any behavioural changes - as >>> effectively being the report-only mode. We'll be more clear in the >>> documentation. >>> >>> >>>> >>>> - It'd be helpful to reach out to enterprise folks and see what >>>> their responses may be for this. +Greg Whitworth. >>>> - This probably requires an Enterprise Policy, to reduce the risk >>>> for managed installs. +bheenan@ for opinions on that front. >>>> >>>> I agree, and an enterprise policy is already in place. >>> >>> >>>> >>>> - Is there a plan to eventually remove the opt-out option? Or is it >>>> the plan to have it in place permanently? >>>> >>>> >>> There is no plan. The current logic is relatively easy to maintain, so >>> we have not made any plan to remove the opt-out. >>> >>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1e6e989a-3e73-4b04-8112-c999522a6a88n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1e6e989a-3e73-4b04-8112-c999522a6a88n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH%2B8MBa%2B3BAgpKuVaowua_Rz-B5nVHpQGbR-eTRt%3D1S-S29A2g%40mail.gmail.com.
