Webwide is the inclusive forum community for web designers, developers & makers.

Whether you're an enthusiast, in training, or a seasoned pro – you'll fit right in at Webwide. We understand that our community is one of creation which is why we, unlike many other discussion forums, encourage sharing of your own projects and content. Creating a forum account is fast, easy and completely free so you can start participating right away.

Create Free Account or sign in with existing account/social login

Read our Code of Conduct

Free Forum Membership Benefits

  • Participate in hundreds of interesting discussions
  • Network with industry peers and make new connections
  • Show off your own projects and relevant content
  • Get help and feedback for your coding and designs
  • Buy and sell services and resources in the marketplace
  • Participate in our friendly community challenges
  • Earn trophies and work your way up our leaderboards
  • Enjoy exclusive Webwide member discounts and offers
  • ...and so much more!

Google Chrome to block insecure downloads starting this spring

Adam

Adam

Mr. Webwide
Administrator
Joined
Sep 24, 2019
Messages
1,138
Reaction score
1,169
Points
1,115
Location
United Kingdom
Local Time
Today, 19:36
Credits
10,478
Pronouns
he/him
security.googleblog.com

Protecting users from insecure downloads in Google Chrome

Posted by Joe DeBlasio, Chrome security team Update (04/06/2020): Chrome was originally scheduled to start user-visible warnings on mixed ...
security.googleblog.com security.googleblog.com
Screenshot of Chrome download manager with the text 'file.ext can't be downloaded securely. [Discard]'


  • In Chrome 81 (released March 2020) and later:
    • Chrome will print a console message warning about all mixed content downloads.
  • In Chrome 82 (released April 2020):
    • Chrome will warn on mixed content downloads of executables (e.g. .exe).
  • In Chrome 83 (released June 2020):
    • Chrome will block mixed content executables
    • Chrome will warn on mixed content archives (.zip) and disk images (.iso).
  • In Chrome 84 (released August 2020):
    • Chrome will block mixed content executables, archives and disk images
    • Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
  • In Chrome 85 (released September 2020):
    • Chrome will warn on mixed content downloads of images, audio, video, and text
    • Chrome will block all other mixed content downloads
  • In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.

chart.png-796x266.jpg
 
Last edited:
U

UnitPrice.org

Member
Joined
Oct 7, 2019
Messages
34
Reaction score
26
Points
218
Website
unitprice.org
Credits
0
Sounds like a great idea to me. I think we’ve finally realized that we can’t leave it totally up to the end-user to be safe and secure. More layers of protection need to happen automatically.

I’m somewhat surprised this hasn’t been done sooner, but I suppose HTTPS has only risen to prominence in the last few years, with most sites finally enabling that.
 
  • Like
Reactions: Sharkie and Adam
Gummibeer

Gummibeer

Astroneer
Joined
Oct 5, 2019
Messages
1,060
Reaction score
889
Points
985
Age
27
Location
Hamburg, Germany
Local Time
Today, 20:36
Website
gummibeer.de
Credits
2,031
Real Name
Tom Witkowski
How about adding it to the CSP? And chrome only enforces a https rule?
This way we would have much more control and could disable downloads at all on a given page.
We could even harden it more by a dedicated DSP (download security policy) to define downloadable file types, source domains and possibly even public signing keys to verify the file origin.
 
  • Like
Reactions: v1rtl and Adam
v1rtl

v1rtl

teen webdev
Joined
Oct 10, 2019
Messages
23
Reaction score
21
Points
355
Location
Near Moscow
Local Time
Today, 21:36
Website
v1rtl.site
Credits
0
Pronouns
bruh
sounds like a good thing. HTTPS is affordable thru Let's Encrypt so I see no reason to use HTTP outside of localhost
 
  • Like
Reactions: Gummibeer
You must log in or register to reply here.

New Threads

grantsmith
  • 4
Help Wanted Toggle aria-expanded="false" to "true"
Replies
4
Views
17
JavaScript
grantsmith
grantsmith
anghelvalentin9
  • 0
Increase Productivity with Microsoft PowerToys
Replies
0
Views
10
Software
anghelvalentin9
anghelvalentin9
Adam
    • Wow
  • 2
🙅🏼‍♂️ Spam watch
Replies
2
Views
28
Webwide Meta & Feedback
Gummibeer
Gummibeer
grantsmith
    • Like
  • 3
Help Wanted Navbar review
Replies
3
Views
67
HTML & CSS
grantsmith
grantsmith
Top