Forum Discussion

lexcyn's avatar
lexcyn
Steel Contributor
Apr 19, 2024
Solved

Mixed mode content download warning

After the recent update to v124 in Stable, all of a sudden we had a bunch of internal sites start throwing mixed mode content download warnings which blocked file downloads. I was able to bypass this...
lexcyn's avatar
lexcyn
Steel Contributor
Apr 25, 2024
Completely understandable. Thankfully we are agile enough to respond to things like this very quickly, but having zero communication from Google or Microsoft on this change is unacceptable. At the very least, a single line in the changelog would have saved us hours of troubleshooting and downtime.
pjv4tx's avatar
pjv4tx
Brass Contributor
Apr 25, 2024
Has this been confirmed as an actual change and not just a bug? I was still thinking this is something that will be patched and not a new normal...has anyone heard something different from MS or elsewhere?
  • SAPacker's avatar
    SAPacker
    Brass Contributor
    Apr 25, 2024
    Not a bug just bad communication. I expect from Google but Microsoft is usually pretty good at getting the info out before hand.
    • lexcyn's avatar
      lexcyn
      Steel Contributor
      Apr 25, 2024

      FYI - from Google (Chromium):

      Hi there,

      I do not believe that this is a regression -- none of the code involved has changed meaningfully in several releases, and the current behavior is working as intended.

       * ExemptDomainFileTypePairsFromFileTypeDownloadWarnings permits allowlisting individual extensions from "file type" warnings (e.g. "be careful, this is an executable!").
       * InsecureContentAllowedForUrls suppresses warnings that stem from the download being delivered over an insecure connection (i.e. not HTTPS).

      Those warnings are distinct, and their methods for suppressing them are distinct. You might want, for instance, to permit insecure downloads from an intranet page, but that page should still not be serving executable files. Or perhaps you're not worried about apk files, but insecure sites still pose a risk.

      As a result, I'm closing this as WontFix. If there was differing behavior, that's likely a bug in the prior behavior (versions prior to 124).

      • SAPacker's avatar
        SAPacker
        Brass Contributor
        Apr 29, 2024
        So was accidently realeased see URL
        https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel#version-1240247867-april-26-2024
        This cant be called a "Wont Fix" since Microsoft just reverted

  • lexcyn's avatar
    lexcyn
    Steel Contributor
    Apr 25, 2024
    Apparently it was not a bug and this was a change made on purpose with no communication. Officially it was "Insecure download warnings feature is now enabled by default".

    I've heard rumblings they may roll it back but IMO the damage is done, may as well start implementing the new policy regardless.