In one of the latest chrome updates , the chrome team added the "load anyway" message that prompts a user to approve loading insecure content on secure pages , somehow optimizely have found a way to "trick" chrome not to ask for that question and simply load the content with the yellow warning key , e.g. : https://www.optimizely.com/edit#url=http://www.yahoo.com/
I can't seem to understand how they did it... does anyone understand ?
Thanks
It looks like they do it after page load. The initial page served only includes an innocuous <iframe></iframe>
- no insecure content loaded yet. Javascript does the actual loading of the iframe
.
I did some testing and I can't get any message to appear on Chromium 18 (Linux). However, on my test page, the security icon starts green on page load, then turns yellow when the insecure content is loaded to the iframe
. The exact same happens on Optimizely. So my best guess is that this method will avoid the "Load Anyway" message while letting you load insecure content.
Don't count on that though - if this is a new Chrome feature, it's likely they'll figure out this trick as well and fix it later. ;)
They don't seem to get around it on Chrome: They ask the user to enable it as per this screenshot:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With