How to block mixed content requests on HTTPS pages without extensions?

[Mo Li]

Firefox has this option.

https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

PS: I can do this by extensions, but a little problem: Yellow warning icon still be displayed left of address bar even all http requests are blocked.

[PhistucK]

Well, you have a few options, really. The first two assume you can change the HTML or HTTP response headers of the website.

1. Right now - use the Content-Security-Policy upgrade-insecure-requests token. For more details, see https://www.chromestatus.com/features/6534575509471232. This will automatically upgrade any HTTP request to HTTPS. If the HTTPS version does not exist, the browser will behave as if the server never responded, or responded with a 404 error, I believe. This will work for any Chrome user and not just for you.

2. Using Chrome 44 (beta) - use the Content-Security-Policy block-all-mixed-content token. For more details, see https://www.chromestatus.com/features/5823679871057920. While this is exactly what you want, I am not sure there is consensus among the browser vendors and so it might not work everywhere. This will work for any Chrome 44 user and not just for you.

3. Right now - use the --enable-potentially-annoying-security-features, --enable-strict-mixed-content-checking or --no-displaying-insecure-content command line flags. This will work just for you, other users will not be affected.

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.