Google is taking another step to ensure users are safe while browsing the internet. With the new Canary update, Google will be blocking insecure downloads over HTTPS websites. The change, which was rolled out to Dev and Canary users has now been put on hold.
According to a thread on Chromium blog, Google will soon treat insecure downloads on HTTPS websites as mixed content and will make an attempt to block. The error on the Developer Console clarifies that Chrome expects downloads to happen over secure HTTPS protocol.
The site at ‘https://example.com/1.html was loaded over a secure connection, but the file at ‘http://site.com/x.exe’ was redirected through an insecure connection. This file should be served over HTTPS.
– Google (message from Chrome’s Developer Console)
To test the feature, you will have to be running Chrome Canary or Dev and have the flag “treat risky downloads over insecure connections as active mixed content” enabled. The rollout has currently been halted but we do expect Google to roll out the update soon.