Reply to post: Re: I thought Chrome already did this, at least sometimes?

Nix to the mix: Chrome to block passive HTTP content swirled into HTTPS pages

GnuTzu

Re: I thought Chrome already did this, at least sometimes?

It does. They mentioned it. But, they make a distinction:

Passive mixed content refers to content that doesn't interact with the rest of the page, and thus a man-in-the-middle attack is restricted to what they can do if they intercept or change that content. Passive mixed content includes images, video, and audio content, along with other resources that cannot interact with the rest of the page.

I'm not sure how well they can distinguish in the browser engine though, because I know I've seen images blocked for being HTTP in HTTPS before (which I had to fix on a server).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon