Chrome intends to block insecurely-delivered downloads initiated from secure contexts ("mixed content downloads"). Chrome will begin warning on, then blocking, progressively more mixed content downloads until all such downloads are silently blocked.
Downloads over insecure contexts present a risk to users. Once downloaded, a malicious file can circumvent any protections Chrome puts in place. Further, Chrome does not and can not warn users by downgrading security indicators on secure pages that initiate insecure downloads, as it does not reliably know whether an action will initiate an insecure download until the request is made.
Status in Chromium
Browser Intervention (tracking bug) in:
- Chrome for desktop release 84
- Chrome for Android release 85
Consensus & Standardization
- No signal
- Mixed signals
Search tagsdownloads, mixed content, blocking, tls, ssl, mix-dl,
Last updated on 2021-07-12