Create group policy options for Shields

Description

Add group policy support for Shields (up/down). This will support individual URLs and patterns

• Added BraveShieldsDisabledForUrls to disable shields urls
• Added BraveShieldsEnabledForUrls to enable shields urls

For the design, see Figma: https://www.figma.com/file/3A6F6VrxVahiZFxLr7j7FO/Desktop-Shields?node-id=2695%3A49651

Behavior notes

This is an overview of what the user should expect when the policy is set.

Behavior when DISABLED

When the site being visited matches the URL or the pattern:

• shields should be DISABLED
• when clicking shields (to open advanced panel), person should see shields disabled
• shields itself should NOT be toggleable
• the other settings will never show up because shields are down

Behavior when ENABLED

When the site being visited matches the URL or the pattern:

• shields should be ENABLED
• when clicking shields (to open advanced panel), person should see shields enabled
• shields itself should NOT be toggleable (should be grayed out)
• none of the sub-values (block ads, https upgrade, block script, block fingerprint, block cookie) should be toggleable. It should be grayed out.

Example of how to add the group policy (Windows)

1. Open regedit.exe
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
3. Create the key (folders) BraveSoftware\Brave\ if they don’t already exist

How to add the shields DISABLE policy

1. Create a new key (folder) BraveShieldsDisabledForUrls inside the root (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\)
2. You can now add REG_SZ (string value) for any sites you wish to mark as disabled.

The entries need to created in a numbered fashion. Let’s say you want to add two values. You would create:

• REG_SZ value 1 set to https://www.example.com
• REG_SZ value 2 set to [*.]brave.com

This would DISABLE shields on brave.com and all subdomains. It would also DISABLE shields on https://www.example.com - but NOT on other subdomains (or if you leave www. out for example).

How to add the shields ENABLE policy

1. Create a new key (folder) BraveShieldsEnabledForUrls inside the root (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\)
2. You can now add REG_SZ (string value) for any sites you wish to mark as enabled.

The entries need to created in a numbered fashion. Let’s say you want to add two values. You would create:

• REG_SZ value 1 set to [*.]twitter.com
• REG_SZ value 2 set to https://www.example.com

This would ENABLE shields on brave.com and all subdomains. It would also ENABLE shields on https://www.example.com - but NOT on other subdomains (or if you leave www. out for example).

Adding using a .reg file (also on Windows)

1. Create a new empty file called shields-policy.reg
2. Open it in Notepad and put this for the content:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\BraveShieldsEnabledForUrls]
"1"="[*.]twitter.com"
"2"="https://www.example.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave\BraveShieldsDisabledForUrls]
"1"="https://www.example.com"
"2"="[*.]brave.com"

1. Save the file and close it
2. Double click the shields-policy.reg file
3. You can use regedit.exe to confirm it was added

Test plan

Go through above - download/run the registry key. Verify that

• install is showing as managed (in hamburger menu)
• behavior matches expected behavior above