Security News > 2020 > February > Chrome Will Block Insecure Downloads on HTTPS Pages
In an attempt to improve the security of its users, the Chrome browser will soon start blocking insecure downloads on HTTPS pages, Google announced.
The announcement comes just days after the release of Chrome 80, which by default blocks mixed audio and video resources if they cannot be automatically upgraded to HTTPS. The same will happen with image files in Chrome 81, which is expected to be released to the stable channel in March 2020.
Chrome 85 will warn of mixed content downloads of images, audio, video, and text, and will block all other mixed content downloads, while Chrome 86, which is expected to arrive in the stable channel in October 2020, will completely block all mixed content downloads.
For testing purposes, developers can already activate a warning on all mixed content downloads in the current version of Chrome Canary, or in Chrome 81 once released.
For enterprises and educational institutions, Google provides an option to disable blocking on a per-site basis via the InsecureContentAllowedForUrls policy, by adding a pattern that matches the page that requests the insecure download. "In the future, we expect to further restrict insecure downloads in Chrome. We encourage developers to fully migrate to HTTPS to avoid future restrictions and fully protect their users," Google concludes.