How does Optimizely trick Chrome into loading insecure content without a prompt?

In one of the latest Chrome updates, the Chrome team added the message “load anyway”, which asks the user to approve the loading of untrusted content onto secure pages. Somehow Optimizely found a way to “trick” Chrome so that it does not ask about it and just loads the content with a yellow warning key, for example: https://www.optimizely.com/edit#url=http://www.yahoo.com/

I can’t understand how they did it ... does anyone understand?

thanks

+6
2 answers

Looks like they do it after the page loads. The home page serves only a harmless <iframe></iframe>, with no insecure content loaded yet. JavaScript does the actual loading of the iframe.

I did some testing and I cannot get the message on Chromium 18 (Linux). However, on my test page, the security icon turns green when the page loads, and then turns yellow when insecure content loads in the iframe. The same thing happens on Optimizely. Therefore, it’s best to assume that this method avoids the “Download anyway” message, allowing you to download insecure content.

Do not count on this - if this is a new Chrome feature, most likely they will also understand this trick and fix it later. ;)

+4
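
Added example (not part of the original answers): the answer above describes an iframe that is empty at page load and given an insecure src later by script, so a check that inspects frames only at parse time sees nothing. This sketch classifies every src change against the page's scheme; the function names, the page URL and the timeline are constructed for illustration.

```javascript
// Classify iframe navigations as mixed content at every src change,
// not only at initial parse. All names and sample data are constructed.

// Schemes that never fetch a document over the network.
const LOCAL_SCHEMES = new Set(['about:', 'data:', 'blob:', 'javascript:']);

// Returns true when `frameSrc`, resolved against `pageUrl`, would load an
// insecure (http:) document inside a secure (https:) page.
function isMixedFrame(pageUrl, frameSrc) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return false; // only secure pages can be "mixed"
  if (!frameSrc) return false;                  // empty iframe: nothing loaded yet
  let target;
  try {
    target = new URL(frameSrc, page);           // resolves relative and //host forms
  } catch (e) {
    return false;                               // unparsable src never navigates
  }
  if (LOCAL_SCHEMES.has(target.protocol)) return false;
  // Loopback hosts count as potentially trustworthy origins.
  const host = target.hostname;
  if (host === 'localhost' || host === '127.0.0.1' || host === '[::1]') return false;
  return target.protocol === 'http:';
}

// Replays the successive src values of one iframe and reports each step at
// which the frame became mixed content.
function auditFrameTimeline(pageUrl, srcTimeline) {
  const findings = [];
  srcTimeline.forEach((src, step) => {
    if (isMixedFrame(pageUrl, src)) findings.push({ step, src });
  });
  return findings;
}

// Constructed timeline: empty at parse time, then set by script after load.
const PAGE = 'https://editor.example/edit';
const TIMELINE = ['', 'about:blank', 'http://www.yahoo.com/', '//cdn.example/frame.html'];

const parseTimeOnly = auditFrameTimeline(PAGE, TIMELINE.slice(0, 1)); // sees nothing
const everyChange = auditFrameTimeline(PAGE, TIMELINE);               // flags step 2
console.log(parseTimeOnly.length, everyChange);
```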

They do not seem to be able to do it in Chrome: they ask the user to enable it, according to this screenshot.

+2

Source: https://habr.com/ru/post/922233/

