Google Chrome will soon start blocking insecure HTTP downloads
Google Chrome developers wrote on their blog that they would block the "download of mixed content" on HTTPS-protected pages with resources on HTTP. Yes, friends, what is so far showing as warning or an error in the developer console will be blocked soon:
Mixed Content: The page at 'https://domain.com/' was loaded over HTTPS, but requested an insecure image 'http://domain.com/wp-content/uploads/2019/01/logo.png'. This content should also be served over HTTPS.
Mixed Content: The page at 'https://domain.com/' was loaded over HTTPS, but requested an insecure favicon 'http://domain.com/favicon.png'. This request has been blocked; the content must be served over HTTPS.
Mixed Content Errors
This way, developers will block all insecure resources on secure HTTPS pages. But don’t worry - we still have time to fix all the errors of mixed content. At first (from the version of Chrome 82, which will be released in April 2020), the Chrome browser will notify, but only in future versions it will already block executable files, for example .exe, .apk, etc.
Further, other types of files, such as .zip, .iso, will fall under the lock, and everything will end in the version of Chrome 86, which will be released in October 2020, where all downloads of mixed content, that is, all file types, will be blocked. For convenience, the developers have posted a roadmap for innovations with blocking mixed content:
Mixed Content Errors for Mobile Devices
It’s worth noting that Chrome will delay the application of notifications and blocking mixed content for Android and iOS users by one release, which will lead to warnings in the Chrome 83 release. Google Chrome developers believe that mobile platforms have better built-in protection against malicious files, and this the delay will give webmasters the opportunity to start updating their sites before the innovation affects mobile users.
How to activate mixed content blocking
By the way, in the current version of Google Chrome, you can already activate the blocking of mixed content to test your sites - for this, in the address bar of the Chrome browser you must enter the following address (flag):
Latest Blog Posts