Suppress location permission popups via Chrome policy#136
Merged
Conversation
…popups Set DefaultGeolocationSetting to 2 (BlockGeolocation) to prevent all location permission popups from appearing in Chrome. This blocks geolocation requests for all sites without prompting the user. Verified against Chromium source at /home/debianuser/chromium-cache/src: - Policy name: DefaultGeolocationSetting - Value 2 = BlockGeolocation (blocks all geolocation requests) - Policy definition: components/policy/resources/templates/policy_definitions/ContentSettings/DefaultGeolocationSetting.yaml
hiroTamada
approved these changes
Jan 28, 2026
rgarcia
added a commit
that referenced
this pull request
Jan 29, 2026
…cycles The Policy struct only defined fields it explicitly used, causing any other fields in policy.json to be silently dropped when AddExtension performed a read-modify-write cycle. This broke the DefaultGeolocationSetting added in #136. Changes: - Add custom UnmarshalJSON/MarshalJSON to preserve unknown JSON fields - Simplify Policy struct to only include fields we programmatically modify (ExtensionInstallForcelist, ExtensionSettings) - All other Chrome policy settings are now automatically preserved - Add comprehensive tests for the preservation behavior This allows policy.json to contain any Chrome policy setting without requiring Go struct updates, as long as we don't need to modify it in code. Fixes issue introduced by #136
4 tasks
rgarcia
added a commit
that referenced
this pull request
Jan 29, 2026
…cycles (#138) ## Summary - Fix bug where `DefaultGeolocationSetting` (and any other non-struct fields) were silently dropped when `AddExtension` performed a read-modify-write cycle on `policy.json` - Simplify `Policy` struct to only include fields we programmatically modify (`ExtensionInstallForcelist`, `ExtensionSettings`) - Add custom `UnmarshalJSON`/`MarshalJSON` methods to preserve all unknown JSON fields ## Context This fixes an issue introduced by #136, which added `DefaultGeolocationSetting` to `policy.json`. The Go `Policy` struct didn't have this field, so when the JSON was unmarshaled and re-marshaled (e.g., during `AddExtension`), the field was silently dropped. ## Solution Instead of requiring every Chrome policy field to be defined in the Go struct, we now: 1. Only define struct fields for settings we need to modify programmatically 2. Preserve all other fields through an `unknownFields map[string]json.RawMessage` This means you can add any Chrome policy setting to `policy.json` without Go code changes. ## Test plan - [x] Added unit tests for field preservation through unmarshal/marshal cycles - [x] Tests verify unknown fields survive modification of known fields - [x] `go build ./...` passes - [x] `go test ./lib/policy/...` passes <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches JSON (un)marshaling for enterprise policy persistence; bugs here could corrupt or drop policy settings during writes, though changes are localized and covered by new tests. > > **Overview** > Fixes `policy.json` read-modify-write behavior so **non-modeled Chrome policy fields are preserved** instead of being silently removed when updating extension policies. > > This simplifies `Policy` to only the fields the code mutates (`ExtensionInstallForcelist`, `ExtensionSettings`) and adds custom `MarshalJSON`/`UnmarshalJSON` logic to round-trip all other keys via an `unknownFields` map. New unit tests cover unknown-field preservation, modifying known fields while retaining unknown ones, and `ExtensionInstallForcelist` round-tripping. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 81e35e8. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
DefaultGeolocationSetting: 2to the Chrome policy configuration to suppress all location permission popups. This prevents sites from requesting geolocation access and blocks the popup that says " wants to know your location".Changes
DefaultGeolocationSetting: 2(BlockGeolocation) toshared/chromium-policies/managed/policy.json2corresponds to "Do not allow any site to track the users' physical location" per Chromium policy definitionsVerification
Verified against Chromium source at
/home/debianuser/chromium-cache/src:DefaultGeolocationSetting✓components/policy/resources/templates/policy_definitions/ContentSettings/DefaultGeolocationSetting.yaml✓2=BlockGeolocation(blocks all geolocation requests without prompting) ✓Policy Verification
Also verified all existing policies in
policy.jsonare recognized in Chromium source:PasswordManagerEnabledAutofillCreditCardEnabledTranslateEnabledDefaultNotificationsSettingDefaultSearchProviderEnabledDefaultSearchProviderNameDefaultSearchProviderSearchURLDefaultSearchProviderSuggestURLNewTabPageLocationExtensionSettingsNote
Blocks all site geolocation requests without prompting by adding
DefaultGeolocationSetting: 2toshared/chromium-policies/managed/policy.json. No other policy changes.Written by Cursor Bugbot for commit 78ea535. This will update automatically on new commits. Configure here.