How to get Chrome to allow mixed content?

Google ChromeHttpBrowserHttpsMixed Content

Google Chrome Problem Overview

Chrome browser by default is blocking mixed content. How do I adjust my settings/configuration to allow mixed content without making any adjustments on the UI every time?

I have found two solutions but neither of them work:

  1. Several articles say you can adjust this under the Security section of "Under the Hood" in the Options. This option no longer seems to exist. There is no Under The Hood tab and there is no such dropdown to adjust how Chrome handles mixed content as far as I can tell.
  2. Another option is to add the --allow-running-insecure-content flag to your command line. I did this like so: "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content. However this made no difference. If I tried adding the flag inside the double quotes, then Windows complains saying it is invalid.

So what option do I have now with the latest version of Chrome?

Google Chrome Solutions

Solution 1 - Google Chrome

Steps as of Chrome v91 (6/17/2021):

  1. Click the Not secure warning next to the URL

enter image description here

  1. Click Site settings on the popup box

enter image description here

  1. Near the bottom of the list is Insecure content, change this to Allow

enter image description here

  1. Close settings, go back to the site, and Refresh the page

Older Chrome Versions:

timmmy_42 answers this on: https://productforums.google.com/forum/#!topic/chrome/OrwppKWbKnc

> In the address bar at the right end should be a 'shield' icon, you can > click on that to run insecure content.

This worked for me in Chromium-dev Version 36.0.1933.0 (262849).

Solution 2 - Google Chrome

In Windows open the Run window (Win + R):

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --allow-running-insecure-content

In OS-X Terminal.app run the following command āŒ˜+space:

open /Applications/Google\ Chrome.app --args --allow-running-insecure-content

Note: You seem to be able to add the argument --allow-running-insecure-content to bypass this for development. But its not a recommended solution.

Solution 3 - Google Chrome

The shield icon that is being mentioned was not in the sidebar for me either, however I solved it doing the following:

Find the shield icon located in the far right of the URL input bar,

Once clicked, the following popup should appear wherein you can click Load unsafe scripts,

That should result in a page refresh and the scripts should start working. What used to be an error,

is now merely a warning,

OS: Windows 10

Chrome Version: 76.0.3809.132 (Official Build) (64-bit)

Edit #1

On version 66.0.3359.117, the shield icon is still available:

Notice how the popup design has changed, so this is Chrome on version 66.0.3359.117.

Note: The shield icon will only appear when you try to load insecure content (content from http) while on https.

Solution 4 - Google Chrome

On OSX using the current Chrome build (2/20/2020, 79.0.3945.130), you can:

Click on the 'i' info icon on the left side of address bar.

Click Site Settings

Scroll down to Insecure content

Change it from Blocked (Default) to Allow

Reload the page and try your action again.

Solution 5 - Google Chrome

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" " --allow-running-insecure-content"

Solution 6 - Google Chrome

running the following command helps me running https web-page, with iframe which has ws (unsecured) connection

chrome.exe --user-data-dir=c:\temp-chrome --disable-web-security --allow-running-insecure-content

Solution 7 - Google Chrome

Another solution which is permanent in nature between sessions without requiring you to run a specific command when opening chrome is as follows:

  1. Open a Chrome window
  2. In the URL bar enter Chrome://net-internals
  3. Click on "Domain Security Policy" in the side-bar
  4. Add the domain name which you want to always be able to access in http form into the "Add HSTS/PKP domain" section

Solution 8 - Google Chrome

On OSX the following works from the command line:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --allow-running-insecure-content

Solution 9 - Google Chrome

Chrome 46 and newer should be showing mixed content without any warning, just without the green lock in address bar.

Source: https://googleonlinesecurity.blogspot.com.au/2015/10/simplifying-page-security-icon-in-chrome.html">Simplifying the Page Security Icon in Chrome at Google Online Security Blog.

Solution 10 - Google Chrome

You could use cors anywhere for testing purposes. But its note recommend for production environments.

https://cors-anywhere.herokuapp.com/

something like: https://cors-anywhere.herokuapp.com/http://yourdomain.com/api

Categories
Recommended Google Chrome Solutions
Recommended Http Solutions
Recommended Browser Solutions
Recommended Https Solutions

Previous Solution:

Converting Stream to String and back...what are we missing?

C#.NetSerializationDeserializationProtobuf Net

Next Solution:

How do I get the backtrace for all the threads in GDB?

MultithreadingDebuggingGdbBacktrace

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionTrantView Question on Stackoverflow
Solution 1 - Google ChromekwillView Answer on Stackoverflow
Solution 2 - Google ChromeLuckyView Answer on Stackoverflow
Solution 3 - Google ChromeScript47View Answer on Stackoverflow
Solution 4 - Google ChromeJeremyView Answer on Stackoverflow
Solution 5 - Google ChromeGuestView Answer on Stackoverflow
Solution 6 - Google ChromeYuval ShubertView Answer on Stackoverflow
Solution 7 - Google ChromeAlexView Answer on Stackoverflow
Solution 8 - Google ChromeArmandView Answer on Stackoverflow
Solution 9 - Google ChromecheView Answer on Stackoverflow
Solution 10 - Google ChromeMuhammad AliView Answer on Stackoverflow