07 November 19, 12:01
Quote:
Google Chrome will soon block all mixed content by default. Google revealed a plan in October that details how the company's Chrome browser will handle mixed content in the next release versions.
Mixed content refers to sites that load via HTTPS but use HTTP resources. A simple example is a site that loads an image via HTTP while the page itself is accessed via HTTPS. Chrome blocks scripts and iframes by default if they are loaded via HTTP on HTTPS sites but allows static content such as images to be displayed.
The behavior threatens the privacy and security of users according to Google as an "attacker could tamper with a mixed image of a stock chart to mislead investors, or inject a tracking cookie into a mixed resource load".
Starting with Chrome 79 Stable, expected to be released in December 2019, Chrome will gradually upgrade or block mixed content that it encounters.
The company announced the following timeline:
* Chrome 79 -- New option in Site Settings to unblock mixed content in Google Chrome for specific sites. Just click on the icon in front of the address and select Site Settings from the interface that opens; Chrome loads the Site Settings for the site in question. Locate Insecure Content to change it to Ask or Allow for that particular site.
* Chrome 80 -- Audio and Video resources will be upgraded to HTTPS automatically if possible. If that is not possible, they will be blocked.
* Chrome 80 -- Mixed images will still load but Chrome displays a "not secure" label in the address bar.
* Chrome 81 -- Mixed images will be upgraded to HTTPS if possible or blocked if that is not possible.
Chrome users may use the insecure content site setting to allow blocked resources on a particular site.
Mozilla, maker of Firefox, implemented a new preference in Firefox 60 to allow mixed content in the browser. It is turned off by default, however.
...
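An added example, not part of the quoted article: a small Python audit that lists the `http://` subresources in a page served over HTTPS and labels each with the handling the timeline above describes. The sample markup and the `example.test` hosts are constructed, and only `src` attributes are checked (an assumption to keep it short; `srcset`, CSS and `<link>` loads are not covered).

```python
from html.parser import HTMLParser

# Which tags carry which kind of subresource in a `src` attribute.
TAG_KIND = {"script": "script/iframe", "iframe": "script/iframe",
            "audio": "audio/video", "video": "audio/video",
            "source": "audio/video", "img": "image"}

# Handling per kind, as stated in the article quoted above.
HANDLING = {
    "script/iframe": "blocked by default",
    "audio/video": "Chrome 80: upgraded to HTTPS if possible, otherwise blocked",
    "image": "Chrome 80: loads with a 'not secure' label; "
             "Chrome 81: upgraded to HTTPS if possible, otherwise blocked",
}

class MixedContentFinder(HTMLParser):
    """Collects (kind, url) for every subresource requested over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        kind = TAG_KIND.get(tag)
        src = (dict(attrs).get("src") or "").strip()
        # Relative and protocol-relative (//host/x) URLs inherit the page's
        # HTTPS scheme, so only an explicit http:// URL is mixed content.
        if kind and src.lower().startswith("http://"):
            self.findings.append((kind, src))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def report(html):
    return [f"{url} [{kind}] -> {HANDLING[kind]}"
            for kind, url in find_mixed_content(html)]

# Constructed sample of a page that is itself delivered over HTTPS.
SAMPLE = """<html><body>
<script src="http://cdn.example.test/app.js"></script>
<img src="HTTP://img.example.test/chart.png">
<img src="https://img.example.test/logo.png">
<img src="//img.example.test/banner.png">
<video src="http://media.example.test/clip.mp4"></video>
<iframe src="/local/frame.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```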