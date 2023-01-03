



Today, most websites worthy of considering visitor privacy and security are encrypted with an SSL certificate. This extra layer of protection ensures anyone navigating that URLs are changed from HTTP to HTTPS and that proper precautions have been taken and the latest security standards have been implemented.

For example, when you fill out an online form or visit your bank’s website, click the lock icon in the upper left corner of your browser’s address bar to see this information and rest easy. When it comes to downloads, Chrome already blocks files from websites marked as insecure or HTTP, but even if the website is actually HTTPS or marked as secure, You can link to the download link. cheat you

Whether this is intentional or not, this mixed content approach is dangerous for users and Google is doing something about it. In a new Chromium commit first spotted by 9to5Google, the development team has completely blocked the ability for users to download files from insecure locations (or conversely, have files automatically pushed when visiting websites). I’m trying

Block unsafe downloads

Enable blocking of insecure downloads. If a user tries to download a file directly over an insecure transport (such as HTTP) or through an insecure redirect, they will see a blocked message.

#block-insecure-downloads

This means that even if a mixed content site that offers safe and unsafe downloads redirects to a different link, Chrome will detect this and stop the nonsense. Luckily, if you’ve already decided you trust the source and your web developer isn’t set up properly, you’ll be able to bypass this blocking mechanism when it’s enabled in Chrome version 111 in a few months. Become.

For now this will be just a developer flag that can be toggled. Otherwise, I won’t be able to hear anything about it as a regular user until it’s implemented. No, but be aware if it happens.

