03.03.2020

Google Chrome will soon start blocking insecure HTTP downloads

Google Chrome will soon start blocking insecure HTTP downloads

Google Chrome developers wrote on their blog that they would block the "download of mixed content" on HTTPS-protected pages with resources on HTTP. Yes, friends, what is so far showing as warning or an error in the developer console will be blocked soon:

Mixed Content: The page at 'https://domain.com/' was loaded over HTTPS, but requested an insecure image 'http://domain.com/wp-content/uploads/2019/01/logo.png'. This content should also be served over HTTPS.
Mixed Content: The page at 'https://domain.com/' was loaded over HTTPS, but requested an insecure favicon 'http://domain.com/favicon.png'. This request has been blocked; the content must be served over HTTPS.

Mixed Content Errors

This way, developers will block all insecure resources on secure HTTPS pages. But don’t worry - we still have time to fix all the errors of mixed content. At first (from the version of Chrome 82, which will be released in April 2020), the Chrome browser will notify, but only in future versions it will already block executable files, for example .exe, .apk, etc.

Further, other types of files, such as .zip, .iso, will fall under the lock, and everything will end in the version of Chrome 86, which will be released in October 2020, where all downloads of mixed content, that is, all file types, will be blocked. For convenience, the developers have posted a roadmap for innovations with blocking mixed content:

Mixed Content Errors for Mobile Devices

It’s worth noting that Chrome will delay the application of notifications and blocking mixed content for Android and iOS users by one release, which will lead to warnings in the Chrome 83 release. Google Chrome developers believe that mobile platforms have better built-in protection against malicious files, and this the delay will give webmasters the opportunity to start updating their sites before the innovation affects mobile users.

How to activate mixed content blocking

By the way, in the current version of Google Chrome, you can already activate the blocking of mixed content to test your sites - for this, in the address bar of the Chrome browser you must enter the following address (flag):

chrome://flags/#treat-unsafe-downloads-as-active-content

Latest news

HostingHutor.com is now in Telegram: chat with support, bot, channel
04.05.2020
HostingHutor.com is now in Telegram: chat with support, bot, channel
Dear users! Now we are in Telegram! Support chat, bot for sending notifications from your personal account and channel.
Schedule and payment processing for the May day holidays
29.04.2020
Schedule and payment processing for the May day holidays
Dear users! Check out the schedule for processing bank transfers during the May day holidays.
Google Chrome will soon blocking insecure HTTP downloads
03.03.2020
Google Chrome will soon blocking insecure HTTP downloads
At first, Chrome will warn, but in future releases it will already block unsafe HTTP downloads.
Starting January 13, only the new IBAN bank account standard is valid!
13.01.2020
Starting January 13, only the new IBAN bank account standard is valid!
Starting today, the bank code and current account in Ukraine will replace the bank account number according to the IBAN standard.

Latest Blog Posts

New virus Coronavirus (COVID-19) and cyber fraud on the Internet
02.03.2020
New virus Coronavirus (COVID-19) and cyber fraud on the Internet
The panic surrounding the coronavirus COVID-19 is used by cyber fraudsters on the Internet - phishing, selling masks, vaccines and tests.
Mail is not sent - check if the internet provider is blocking port 25
11.01.2020
Mail is not sent - check if the internet provider is blocking port 25
How to check if provider is blocking port 25 using the command line in Windows. How to send mail if port 25 is blocked.
How to install Clam AntiVirus (ClamAV) on a VPS or server with CentOS
11.11.2019
How to install Clam AntiVirus (ClamAV) on a VPS or server with CentOS
Install Clam AntiVirus (ClamAV) on VPS / VDS or a dedicated server with CentOS OS and configure daily server scan.
ISPmanager no longer supports backup to Yandex.Disk
20.10.2019
ISPmanager no longer supports backup to Yandex.Disk
Within a week, Yandex.Disk will disappear from the list of backup storage in the ISPmanager panel and other ISPsystem products.

Popular domains