30 Mar Chrome 81 Will Not Load Mixed Content via @martinibuster
Chrome 81 Will auto-upgrade mixed content images without a fallback. This has the potential to break websites.
Fortunately there is no need to panic because there are good reasons why this is going to be good news for publishers.
Upgrade Mixed Content to HTTPS
Sometimes websites will load as HTTP without redirecting to HTTPS. There is also the situation where a site might have old image assets that are coded with http, perhaps using absolute URLs (http://www) instead of relative URLs (/images/example.jpg).
What Chrome 81 will do is change the http URL of images to https so that it is “autoupgraded” to the more secure https protocol.
The change that’s important for Chrome 81 is that there is no fallback. That means that if an image asset cannot be loaded via https then Google will not show the image, potentially breaking the web page.
While potentially breaking the web page sounds bad, it’s not. Keep reading to learn why this is a good thing.
This is how Chrome’s Platform Status page describes it:
“This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS.
Why No Fallback?
Google reasons that there are three benefits to not showing insecure content.
- The first benefit is that the user experience is improved by delivering a website within a 100% secure environment.
- The second benefit is that the speed of the site is improved since the insecure image content is no longer downloaded.
- The third benefit is to the web publisher because the security warning can be removed, thereby no longer potentially scaring a site visitor with a warning about insecure content.
According to Google:
“Upgrade all mixed content to HTTPS
This would auto-upgrade all HTTP content we see in sites delivered over HTTPS, including both content that would have been blocked and content that would have been allowed.This would enable us to completely remove the mixed content shield (in the case without fallback), and security chip degradations, since mixed content would either be upgraded, or not loaded.
…providing no fallback increases security (since HTTP content will not be loaded at all in sites delivered over HTTPS) and speed (since an extra request will not be made), and decreases implementation complexity, however it increases potential for breakage due to content not available over HTTPS.”
No Security Warning is a Good Thing
This change in how Chrome 81 handles mixed content is good for publishers.
The following is the kind of warning that Chrome currently gives when it encounters an insecure web page:
With this change, Chrome will no longer show the above warning for sites that can have their images autoupgraded as well as for sites that will no longer download insecure images.
That’s a win-win for publishers and for users.
The Sky is Not Falling
This is an important update but it’s done in a way that benefits users and publishers. Users are protected and publishers will not lose traffic. In my opinion this change is good because Chrome will no longer be scaring site visitors with warnings on websites with mixed content.
Resources
There are resources available for scanning your site to identify if there are any hidden mixed content issues.
Fixing your site is easy if you have WordPress because there are plugins that can help you easily fix mixed content issues sitewide with the click of a button.
Visit this article and scroll down to find all relevant resources for fixing your site:Google Chrome Will Block Mixed Content
Citations
Read Google’s status page Autoupgrade Image Mixed Content
https://www.chromestatus.com/feature/4926989725073408
Google Docs Document on Mixed Content Handling
Sorry, the comment form is closed at this time.