It is now two and a half years, websites that used the HTTPS protocol, and left aside the traditional but unsafe HTTP became most in the Network of Networks. A few months before, Google (which owns the search engine and the web browser is most used) had declared the start of hostilities against the HTTP protocol, declaring himself willing to declare insecure medium-the Internet.
The progress of the HTTPS since then have been remarkable; so much, Chrome to left to indicate that an HTTP web site “it is safe” because that had happened (and should happen) to be normal, limiting itself to pointing out the insecurity of all the HTTP.
Code JavaScript. Google is now going for the mixed content
But still today, on many websites we find what is called “mixed content”: you the HTML code for the initial load through a HTTPS connection (safe), while some of the resources of the sameto (images, animations, videos, scripts or CSS files) they do it through HTTP connections (unsafe).
So, despite the initial request to the server it was safe, and in the address bar of our browser appears a reassuring “https://”, the security of the site that we visited is likewise committed.
Until now, this kind of content were not blocked by browsers, because could turn out to be fundamental to maintain full functionality or the look of the web.
But Google seems determined to leave behind the HTTP protocol, and has decided to take the riskalthough in the current Google Chrome 80 has already begun to rewrite/lock audio/video, the beta of Google Chrome 81 already apply that same measure also to the images. From now on, Google Chrome will rewrite all calls to HTTP resources, and will try to look in directions equivalent with HTTPS, rewriting the calls embedded in the HTML.
It may even be good news for many webmasters who have not finished reviewing the code of their web sites, but can provide these resources in a safe manner: Google will do the work for them and will save safety warnings they give a bad image of your site and affect your website positioning.
But if it were not that the case, and the resources were not available to safely, the websites are no longer displayed properly: the CSS/JavaScript will not load, or you may not have the multimedia content. In that case, Google is willing to block its charge.
Via | TheWindowsClub
Image | Christiaan Colen
it was originally published in
Engadget
by
Marcos Merino
.
