Menu
I have a chrome extension that communicates using HTTP in development and HTTPS in production.
I run it from webpages that use HTTPS.
When I use this extension in my development mode I get the following error.
Mixed Content: The page at 'https://somesite.com' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://david-sniper.local:3001/api/end-point'. This content should also be served over HTTPS.
In the past I have been able to resolve this error by going reading this post how-to-get-chrome-to-allow-mixed-content
There are two solutiions in this post.
I have never had success with the first solution, but the second solution where you click on the 'shield' icon was working up until a few weeks ago.
I'm now on Chrome 55 and there is NO Shield option to click on, so I'm wondering how to get mixed content working in developer mode?
312
If you agree to run the mixed content, the web page changes from Secure to Not Secure. Google will be simplifying this in Chrome 79, which will be released sometime in December 2019. You’ll have to click the lock icon to the left of the page’s address, click “Site Settings,” and then unblock mixed content for that site.
In order to unblock mixed content in Chrome, you need to click a link named “Load unsafe scripts.” This will essentially tell Google that you are fine with taking the risk of viewing the page. Once they have this information, the page will automatically let you view the non-secure content.
If they straighten these sites up, then they will continue to work by default. If not, they will be blocked unless mixed content in Chrome is enabled. After December 2019, insecure content will be blocked by Chrome. It will handle mixed content differently. With the coming of Chrome 79, Google will do two main things:
Mixed images will load, but Chrome will say the web page is “Not Secure.” In Chrome 81, Chrome will stop loading mixed images, too. Users can allow the mixed content to load, but it won’t by default. It’s all part of making the web more secure.
Following a tip by Zig Mandel, I used command line parameters to run Chrome without security.
I created a folder called c:\_chrome_data and I unpacked my developer extension into chrome extensions and I used this command line.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content --disable-web-security --user-data-dir=C:\_chrome_data
Click the Shield, I noticed that the shield is not available in Version 55 of chrome anymore unless you have the settings listed in the command line included.
Working Extension
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With