Webwide is the inclusive forum community for web designers, developers & makers.

Whether you're an enthusiast, in training, or a seasoned pro – you'll fit right in at Webwide. We understand that our community is one of creation which is why we, unlike many other discussion forums, encourage sharing of your own projects and content. Creating a forum account is fast, easy and completely free so you can start participating right away.

Read our Code of Conduct

Free Forum Membership Benefits

  • Participate in hundreds of interesting discussions
  • Network with industry peers and make new connections
  • Show off your own projects and relevant content
  • Get help and feedback for your coding and designs
  • Buy and sell services and resources in the marketplace
  • Participate in our friendly community challenges
  • Earn trophies and work your way up our leaderboards
  • Enjoy exclusive Webwide member discounts and offers
  • ...and so much more!

Google Chrome to block insecure downloads starting this spring

Adam

Mr. Webwide
Administrator
Joined
Sep 24, 2019
Messages
822
Reaction score
841
Points
915
Location
United Kingdom
Local Time
Today, 14:31
Website
adgr.dev
Pronouns
he/him
Screenshot of Chrome download manager with the text 'file.ext can't be downloaded securely. [Discard]'


  • In Chrome 81 (released March 2020) and later:
    • Chrome will print a console message warning about all mixed content downloads.
  • In Chrome 82 (released April 2020):
    • Chrome will warn on mixed content downloads of executables (e.g. .exe).
  • In Chrome 83 (released June 2020):
    • Chrome will block mixed content executables
    • Chrome will warn on mixed content archives (.zip) and disk images (.iso).
  • In Chrome 84 (released August 2020):
    • Chrome will block mixed content executables, archives and disk images
    • Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
  • In Chrome 85 (released September 2020):
    • Chrome will warn on mixed content downloads of images, audio, video, and text
    • Chrome will block all other mixed content downloads
  • In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.

chart.png-796x266.jpg
 
Last edited:

UnitPrice.org

Member
Joined
Oct 7, 2019
Messages
30
Reaction score
25
Points
218
Website
unitprice.org
Sounds like a great idea to me. I think we’ve finally realized that we can’t leave it totally up to the end-user to be safe and secure. More layers of protection need to happen automatically.

I’m somewhat surprised this hasn’t been done sooner, but I suppose HTTPS has only risen to prominence in the last few years, with most sites finally enabling that.
 
  • Like
Reactions: Sharkie and Adam

Gummibeer

Well-known member
Joined
Oct 5, 2019
Messages
747
Reaction score
631
Points
635
Age
27
Location
Hamburg, Germany
Local Time
Today, 15:31
Website
gummibeer.de
How about adding it to the CSP? And chrome only enforces a https rule?
This way we would have much more control and could disable downloads at all on a given page.
We could even harden it more by a dedicated DSP (download security policy) to define downloadable file types, source domains and possibly even public signing keys to verify the file origin.
 
  • Like
Reactions: v1rtl and Adam

v1rtl

teen webdev
Gold Member
Joined
Oct 10, 2019
Messages
22
Reaction score
17
Points
355
Location
Near Moscow
Local Time
Today, 17:31
Website
v1rtl.site
Pronouns
bruh
sounds like a good thing. HTTPS is affordable thru Let's Encrypt so I see no reason to use HTTP outside of localhost
 
  • Like
Reactions: Gummibeer
Top