Google Chrome Blocks File Downloads over HTTP

Google Chrome blocks file downloads over https

Beginning with the June release of Google Chrome 83, Google will start blocking “risky” file downloads that occur over HTTP.

The ban applies only to downloads originating from sites loaded via HTTPS. If the downloads originate from an HTTP site, the download won’t be blocked, as users will already have been notified that the site is not secure.

Having HTTPS in the site’s URL led many users to believe that the download was also secure when it was not. Google wants to prevent this confusion with future updates.   

Over the next few Chrome releases throughout 2020, Google will enact a six-step process to ban HTTP downloads from HTTPS sites. Beginning with Chrome 82 in April 2020, Chrome will start warning users about mixed content downloads. By the time Chrome 86 is released in October 2020, Chrome will block all mixed content downloads. In the interim, Google has a schedule of warning then blocking certain file types with each update.

For mobile browsers on iOS and Android, the rollout will be delayed by one version. Warnings will begin with Chrome 83 for mobile users.

Webmasters can test whether their sites will comply with future updates by using Google Chrome Canary using the following Chrome flag.

Google first proposed in the idea in April 2019 in an effort to get other browsers to do the same. They announced their official plans to move forward in February 2020.

What is HTTPS?

HTTPS is a secure version of HTTP. While HTTPS was once used only on websites containing sensitive data, it’s become a standard practice for websites.

When you visit a website with HTTP, it’s easy for others on the Wi-Fi network or for your internet service provider to see the websites you’re visiting. Additionally, there’s no way to verify whether you’re visiting the correct website. It might look like the bank’s website, but it could be a phishing scam.

With HTTPS, no one can see what you’re doing. This offers safety and security to online shoppers and other users conducting sensitive transactions.

Web browsers are encouraging websites to move to HTTPS by rewarding them with faster speeds. Sites simply need to use HTTPS encryption to achieve faster compression, pipelining and other features.

Securing your website with a secure sockets layer (SSL) and HTTPS encryption will protect your users and allow them to browse your site without running into mixed content related issues. 

To learn more about how you can keep your website secure, contact IDMI.Net.