In Chrome I've noticed that I occasionally get mixed-content warnings in the url bar, eg:
Can I configure Chrome to block mixed content, not just warn about it (or, if I have accidentally dismissed a warning before - reset the default).
The reasoning being - this tells me nicely, after the bad thing has happened. I'd rather the bad thing was blocked - after which, by all means warn me.
Details:
I'm using Gmail*, so it's not just the little sites, but I've seen it on other websites.
I get no pop-ups or dialogues asking if I want to display the insecure content.
Clicking on the padlock to get the details shows the following message, which implies that the insecure resources were displayed and not blocked:
Your connection to mail.google.com is encrypted with 128-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
I'm using Chrome 30.0.1599.101 on OSX, but I've seen this previously in older versions.
*Strictly speaking I'm using google apps for domains, ie, my current employer use gmail for their domain's email. Checking the javascript log (instructions)shows that the insecure content was due to a logo of my employer downloaded via an insecure connection. Getting them to fix that would also help of course - but that's outside the scope of this question.
No comments:
Post a Comment