The Mixed Content specification describes how a user agent should handle fetching of unsecure content from a secure context. For that purpose, Chrome currently treats any blob: and filesystem: content as secure although the spec says their origin should be checked instead (i.e. blob://https://... is secure but blob://http://... is not). This change is about making the mixed content checker follow this stricter behavior.
Motivation
- Alignment with the specification - Stricter security
Specification
Status in Chromium
Blink>SecurityFeature>SecureContexts
No active development (tracking bug)
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- No signal
- No signal
- No signal
- No signals
Owner
Last updated on 2021-02-01