02 April 20, 16:28
Quote:Continue Reading
Google announced in late 2019 that it will change how the company's Chrome web browser handles mixed content. Mixed content refers to insecure content being loaded on secure sites; a basic example is a site that is accessible via HTTPS but loads some elements, e.g. images or scripts, from an insecure source, e.g. HTTP. One of the main issues with insecure content is that insecure content can be manipulated.
Tip: if you want to find out how your browser handles mixed content, load this mixed content test page to find out about it. You may need to open the Developer Tools (using F12) and open the Console to see if audio, video, and image content was upgraded by the browser automatically.
The Chrome browser blocks dynamic content, e.g. iFrame or script content, already if it is loaded from an insecure source. Insecure downloads will also be blocked in coming versions of the Chrome browser.
Google introduced new auto-upgrade and blocking functionality of mixed content in Chrome 80 which it released in February 2020. Chrome 80 attempts to upgraded audio and video content that is loaded via HTTP on HTTPS sites so that the content is also delivered using HTTPS. If that fails, the media is blocked in the browser instead.
Starting in Chrome 81, Google Chrome will do the same for images. If images are encountered on HTTPS webpages that are loaded via HTTP, Chrome will attempt to upgrade those. If that fails, Chrome will block these images so that they won't be loaded anymore.
The Chrome Platform Status listing highlights that the change will be made in all Chrome versions (Chrome for desktop and Android, as well as Android WebView).
Quote:This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. Image mixed content autoupgrades are targeted for M81.
Chrome attempts to upgrade the elements automatically but will block them if that fails as some sites may already support serving the insecure content via HTTPS but don't due to configuration issues or other issues. It is still likely that Chrome users may run into issues from time to time with content that is not loaded anymore once Chrome is upgraded to version 81.
Google plans to release Chrome 81 next week and skip Chrome 82 to jump directly to Chrome 83 at the end of May 2020. Please note that the change has not yet landed in recent versions of the browser and that it is possible that it will be postponed.
...