In February 2020, Google announced its plan to block mixed content downloads in Chrome. The day they are blocked completely is now approaching: October is near, and Chrome 86 is due to be released then.
What are mixed content downloads? According to Google, they are non-HTTPS downloads started on secure pages. For example, if you access a page at https://example.com/download and that page contains a download link to http://download.example.com/something, the download link will not work.
This is a security measure from Google to make downloads safer, so that malicious content can be prevented.
The planned schedule for blocking mixed content downloads is:
- Chrome 81 (March 2020) - Chrome will print a console message warning about all mixed content downloads.
- Chrome 82 (April 2020) - Chrome will warn on mixed content downloads of executables (e.g. .exe).
- Chrome 83 (June 2020) - Chrome will block mixed content executables. Chrome will warn on mixed content archives (.zip) and disk images (.iso).
- Chrome 84 (August 2020) - Chrome will block mixed content executables, archives and disk images. Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
- Chrome 85 (September 2020) - Chrome will warn on mixed content downloads of images, audio, video, and text. Chrome will block all other mixed content downloads.
- Chrome 86 (October 2020) - Chrome will block all mixed content downloads.
What do you need to do as a developer or website maintainer?
- Check that all the resources (CSS, JS, etc.) loaded by your web pages use secure links. A certificate validation tool can help with this.
- Developers can activate a warning on all mixed content downloads for testing by enabling the "Treat risky downloads over insecure connections as active mixed content" flag at chrome://flags/#treat-unsafe-downloads-as-active-content.
- If you haven't enabled HTTPS for your site yet, do so to secure your site and protect its data.
- Create a plan for optimizing and improving site performance, as enabling HTTPS would increase resource consumption.
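
To find affected links before Chrome blocks them, the sketch below (an added example, not code from Google or Chrome) scans the HTML of an HTTPS page for `<a href>` targets that resolve to `http://` and maps each to the Chrome version that starts blocking it under the schedule above. The function names, the sample HTML and the extension lists are assumptions made for illustration; results are candidates, since whether a link is actually a download depends on the server's response.

```python
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urljoin, urlsplit

# Category -> first Chrome version that blocks it, taken from the schedule above.
BLOCKED_FROM = {"executable": 83, "archive/disk image": 84,
                "other": 85, "image/audio/video/text": 86}
# Assumption: illustrative extension lists; the schedule names only .exe, .zip, .iso.
EXTENSIONS = {"executable": {".exe"},
              "archive/disk image": {".zip", ".iso"},
              "image/audio/video/text": {".png", ".jpg", ".mp3", ".mp4", ".txt"}}

class LinkCollector(HTMLParser):
    """Collects the href value of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def classify(url):
    """Pick a schedule category from the file extension of the URL path."""
    ext = splitext(urlsplit(url).path)[1].lower()
    for category, exts in EXTENSIONS.items():
        if ext in exts:
            return category
    return "other"

def find_mixed_downloads(page_url, html):
    """Return (target, category, blocked_from_version) for http:// links on an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on secure pages
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        target = urljoin(page_url, href.strip())  # resolves relative and // links
        if urlsplit(target).scheme == "http":
            category = classify(target)
            findings.append((target, category, BLOCKED_FROM[category]))
    return findings

# Constructed sample page; relative and protocol-relative links inherit https.
SAMPLE = """<a href="http://download.example.com/something">get</a>
<a href="http://download.example.com/setup.EXE">installer</a>
<a href="//cdn.example.com/tool.zip">zip</a> <a href="/files/image.iso">iso</a>
<a href=" http://download.example.com/notes.txt?v=2 ">notes</a>"""

if __name__ == "__main__":
    for finding in find_mixed_downloads("https://example.com/download", SAMPLE):
        print(finding)
```

Links served through an HTTP redirect are not visible in the HTML, so the Chrome flag mentioned above remains the check for those.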