Google began to roll out gradual changes to the Google Chrome browser to block mixed-content rendering and mixed-content downloads. Starting in January 2021, Google will begin to block HTTP file (images, docs, pdf) downloads from an HTTPS site by default.
Does this impact the AgilePoint Platform code?
AgilePoint product team has assessed how this change affects it’s products across cloud and OnPremises system and none of the base product features gets impacted. AgilePoint product never loads mixed content on its OOTB screens and is mainly driven by URLs configured in the product by customers while installing the product. Hence, if a client has HTTPS URLs configured on both AgilePoint portal and server, then it would be used consistently throughout the product.
How this might impact my custom AgilePoint Apps?
This may affect your end users’ ability to access non-HTTPS file downloads, URLs or images referenced within your AgilePoint apps.
- Images and Videos: If a user is viewing a secure webpage (HTTPS), and if any of the content displayed as part of the webpage is hosted on a non-secure link (HTTP), then the content (for example, image or video) will be displayed as a broken image.
- Downloads: If a user is viewing a secure webpage (HTTPS), if there is a download link or attachment in the webpage, and if the corresponding content is hosted on a non-secure site (HTTP or FTP only), then clicking on the link will result in error.
What action can customers take?
To avoid mixed content, broken images or failed downloads, you can choose not to upgrade Chrome at this time, use an alternate browser that allows mixed content, rollback to a previous version of Google Chrome, or enable the Google Chrome mixed content flag.
To enable the Google Chrome mixed content flag within Chrome, click on the padlock icon in the URL bar → Click on Site Settings → Find the Insecure Content dropdown. Then use the dropdown list to change Block (default) to Allow. Note that Google has not announced how long this functionality will be available.
Why is Google making this change?
Google is making this change to improve user privacy and security while using Chrome. This change will present a clearer browser security user experience to end users. As a first step, Google is focusing on insecure downloads started on secure pages.