Google Chrome will soon block insecure downloads over HTTPS websites

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Google Chrome

Google is taking another step to ensure users are safe while browsing the internet. With the new Canary update, Google will be blocking insecure downloads over HTTPS websites. The change, which was rolled out to Dev and Canary users has now been put on hold.

According to a thread on Chromium blog, Google will soon treat insecure downloads on HTTPS websites as mixed content and will make an attempt to block. The error on the Developer Console clarifies that Chrome expects downloads to happen over secure HTTPS protocol.

The site at ‘https://example.com/1.html was loaded over a secure connection, but the file at ‘http://site.com/x.exe’ was redirected through an insecure connection. This file should be served over HTTPS.

– Google (message from Chrome’s Developer Console)

To test the feature, you will have to be running Chrome Canary or Dev and have the flag “treat risky downloads over insecure connections as active mixed content” enabled. The rollout has currently been halted but we do expect Google to roll out the update soon.

Via Techdows

User forum

0 messages