Google has announced that Chrome will soon start rejecting insecure content loaded on an otherwise secure page. In a blog post on 3rd October titled ‘No More Mixed Messages About HTTPS’ the search giant revealed their plans to tighten up security and provide a clearer experience for users by blocking any content on an HTTPS page that is loaded over an insecure HTTP connection.
The changes will begin to take effect in December with the release of Chrome 79 where they will add a new setting to unblock mixed content on each site. This setting will affect any insecure content already blocked by chrome such as scripts and iframes.
The next step will be introduced in Chrome 80, coming to early release versions in January 2020, when the browser will block insecure audio and video, although it will auto-upgrade these to HTTPS first and only block content if that fails. Users will be able to unblock audio and video content using the setting introduced in Chrome 79. This version will still allow insecure images to load but will mark the site as ‘Not Secure’.
Finally, Chrome 81 will auto-upgrade insecure images to HTTPS and block any that fail. Chrome 81 will be released to early versions of Chrome in February 2020.