if (desktop_environment_options.enable_security_key()) {By moving `SecurityKeyExtension` creation here, it is added unconditionally (if the host option is enabled), bypassing the `security_key_auth_policy_enabled_` check that used to be in `RemotingMe2MeHost`.
Because `SecurityKeyExtensionSession` no longer has access to policies, it will process gnubby control/data messages even if the enterprise policy disables it, potentially causing a policy bypass.
To fix this in the interim before the data channel migration is complete, read the local policy from `local_session_policies_provider_`. This will ensure you are on par with the old behavior.
if (security_key_auth_policy_enabled_ &&Since `SecurityKeyExtension` lifecycle has been moved to `ClientSession`, `security_key_auth_policy_enabled_` is no longer used to gate the extension.
As mentioned in the TODO above `OnGnubbyAuthPolicyUpdate()`, this callback and the associated host restart logic can likely be completely removed now.
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |