If you’re a web developer, you should by now be very well aware that Google has begun to block insecure content resources in Chrome.
Over the past several years, there’s been a mass transition from insecure HTTP to securely delivered websites via HTTPS. That’s great news of course.
What’s not so great is that HTTPS websites continue to link to bits of content from insecure origins via HTTP. This can include things from images and video, to downloadable files such as PDFs and ZIPs.
Google refers to this scenario as mixed content in an HTTPS website. They’ve made the issue known to the public, and on the Chromium blog, have announced their intention to gradually issue warnings and then block non-secure content in future releases.
The process has begun for images, video, and audio. By default, Chrome is already blocking iframes and scripts from insecure origins.
Now, Google has announced they will proceed with warning, and then ultimately blocking insecure file downloads as well. Below is their schedule for future releases starting with Chrome 81, due March 2020.
Chrome 86 is anticipated to be released from October 2020. By then, all insecure content will be blocked, and that includes the inability to download files.