Hi blink-dev! Starting shortly after HTTPS Upgrades <https://groups.google.com/a/chromium.org/g/blink-dev/c/cAS525en8XE> ships, Chrome will start showing warnings when a user downloads files over an insecure (i.e. non-TLS) connection. This builds on top of the previously shipped <https://groups.google.com/a/chromium.org/g/blink-dev/c/ExW7oa5kMrk/m/Y7x7cxMTAwAJ> blocking of insecurely delivered files initiated on secure pages ("mixed downloads").
This user-agent intervention should cause no site breakage, but it may mean users see additional (bypassable) warnings if your site relies on insecure downloads. Developers who wish to avoid their users seeing these warnings should ensure that all downloads are served securely -- warnings are triggered when insecure HTTP is used by the final download URL, any URLs that redirect to the download, or on the page on which the download was initiated. While there isn't a public explainer for this change, a blog post with additional details is forthcoming. I'm also happy to answer any additional questions here. Joe -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFZs0S5nA%2BBv3z%3DkQuJWZEtsxz%2B_6Q4ghHdi0dWeWnfV7vrtJQ%40mail.gmail.com.
