How to get Chrome to allow mixed content?

Question

Chrome browser by default is blocking mixed content. How do I adjust my settings/configuration to allow mixed content without making any adjustments on the UI every time?

I have found two solutions but neither of them work:

Several articles say you can adjust this under the Security section of "Under the Hood" in the Options. This option no longer seems to exist. There is no Under The Hood tab and there is no such dropdown to adjust how Chrome handles mixed content as far as I can tell.
Another option is to add the --allow-running-insecure-content flag to your command line. I did this like so: "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content. However this made no difference. If I tried adding the flag inside the double quotes, then Windows complains saying it is invalid.

So what option do I have now with the latest version of Chrome?

@StevenV I can think of may scenarios when I might want or need to "defeat" this behavior. but that's not really the question. The op wants to know HOW to do it. If you don't know, then why bother commenting? op - Your #1 works for me on a https site that references non-https images for example. Although this isn't a programming question and shouldn't be on SO. Post it on SuperUser instead. — Jimmy D, Aug 19 '13 at 19:10
So you have a Under the Hood section of your Chrome settings? I dont! — Trant, Aug 19 '13 at 19:17
This worked for me: https://stackoverflow.com/a/48480814/996926 — advncd, Apr 26 '20 at 04:03
nothing from the answers below worked for me, so I ended up using Firefox where you still can be "unsafe" (https://support.mozilla.org/en-US/kb/mixed-content-blocking-firefox#w_unblock-mixed-content) — oluckyman, Sep 19 '22 at 08:03

kwill · Answer 1 · 2021-06-17T15:05:04.973

285

Steps as of Chrome v91 (6/17/2021):

Click the Not secure warning next to the URL

Click Site settings on the popup box

Near the bottom of the list is Insecure content, change this to Allow

Close settings, go back to the site, and Refresh the page

Older Chrome Versions:

timmmy_42 answers this on: https://productforums.google.com/forum/#!topic/chrome/OrwppKWbKnc

In the address bar at the right end should be a 'shield' icon, you can click on that to run insecure content.

This worked for me in Chromium-dev Version 36.0.1933.0 (262849).

edited Jun 17 '21 at 15:05

answered Jun 26 '14 at 15:24

kwill

3,211
1
16
18

62

Chrome 48 seems not to have the shield icon anymore. – Alexander Bondar Feb 02 '16 at 10:10
3

@kwill When I click on the shield icon and choose to run unsafe scripts, that still does not fix the issue. Are there any alternatives? – Ivan Vegner Feb 16 '16 at 00:44
See January 5th, 2016 post from "che" below. – kwill Mar 23 '16 at 19:57
6

This does not appear to work in Chrome 55, I have posted a question regarding this here. http://stackoverflow.com/questions/41498423/how-to-get-latest-chrome-version-55-to-allow-mixed-content – David Cruwys Jan 06 '17 at 03:26
No icon in Chrome 59 – A.W. Jul 28 '17 at 12:56
2

Worked. But I can't find how to disable 'run insecure content'. You can enable it, but you can't disable it. `Google Chrome Version 48.0.2564.116 (64-bit)` – user3439968 Oct 06 '17 at 00:03
3

No longer a viable answer. Chrome has removed the shield icon. – BobHy Nov 19 '17 at 23:02
1

I got `Chrome Version 62.0.3202.94 (Official Build) (64-bit)` and I got the shield icon. Might be because I'm redirecting `https` request to `http://localhost`. – psycho brm Dec 05 '17 at 14:38
1

Works for me as well on `Version 64.0.3282.167`, and you just have to close the tab to disable it – Guillaume Feb 27 '18 at 12:37
Confirmed on 75.x – Nir Levy Aug 13 '19 at 12:29
Working on Version 86.0.4240.75, but I also had to clear the cookies for this site (Found at the top of the site settings page) – ThomasRones Oct 21 '20 at 16:20
1

still valid answer, just click where the Shield icon used to be, the list of options is just alot larger but the option is still there. – Henrik Bøgelund Lavstsen Apr 02 '21 at 01:37
2

Even when insecure content is allowed, it still blocks mixed content. – Douglas Gaskell Sep 28 '21 at 00:02
I was able to get to the site settings by clicking on the lock to the right of the address bar – John Gilmer Dec 28 '22 at 21:13
1

Allowing insecure content does not prevent blocking "mixed content". Mixed content is different than insecure – Kristi Jorgji Mar 27 '23 at 11:42

Lucky · Answer 2 · 2015-07-22T06:47:35.947

In Windows open the Run window (Win + R):

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --allow-running-insecure-content

In OS-X Terminal.app run the following command ⌘+space:

open /Applications/Google\ Chrome.app --args --allow-running-insecure-content

Note: You seem to be able to add the argument --allow-running-insecure-content to bypass this for development. But its not a recommended solution.

Script47 · Answer 3 · 2019-09-04T11:22:58.567

38

The shield icon that is being mentioned was not in the sidebar for me either, however I solved it doing the following:

Find the shield icon located in the far right of the URL input bar,

Once clicked, the following popup should appear wherein you can click Load unsafe scripts,

That should result in a page refresh and the scripts should start working. What used to be an error,

is now merely a warning,

OS: Windows 10

Chrome Version: 76.0.3809.132 (Official Build) (64-bit)

Edit #1

On version 66.0.3359.117, the shield icon is still available:

Notice how the popup design has changed, so this is Chrome on version 66.0.3359.117.

Note: The shield icon will only appear when you try to load insecure content (content from http) while on https.

edited Sep 04 '19 at 11:22

answered Oct 10 '17 at 15:34

Script47

14,230
4
45
66

@Keynes The above simply mitigates the effects temporarily. If you wanted to solve it completely, ensure that all your outgoing requests are going to a secured (`https`) server instead of `http`. – Script47 Apr 16 '18 at 08:04
1

I'm not able see the shield icon, Chrome version: 66.0.3359.117 – Venkat Apr 23 '18 at 13:52
@Venkat it is still available for me. I've just updated to the latest version. Please see **Edit #1**. – Script47 Apr 23 '18 at 14:01

score 8 · Answer 4 · answered Nov 06 '13 at 14:45

8

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" " --allow-running-insecure-content"

answered Nov 06 '13 at 14:45

Guest

103
1
2

1

I think this doesn’t work any longer – michaeak May 03 '23 at 06:50

Jeremy · Answer 5 · 2020-02-25T04:00:08.950

8

On OSX using the current Chrome build (2/20/2020, 79.0.3945.130), you can:

Click on the 'i' info icon on the left side of address bar.

Click Site Settings

Scroll down to Insecure content

Change it from Blocked (Default) to Allow

Reload the page and try your action again.

edited Feb 25 '20 at 04:00

answered Feb 21 '20 at 00:47

Jeremy

3,438
3
34
57

Works in Google Chrome too – codemirror Feb 22 '20 at 19:13
@codemirror thanks, sorry, i had a typo in my original post. I meant, OSX using Chrome – Jeremy Feb 25 '20 at 04:00
3

On chrome, it still blocks mixed content even after doing this. – Douglas Gaskell Sep 28 '21 at 00:03

score 7 · Answer 6 · answered Dec 13 '16 at 15:34

7

running the following command helps me running https web-page, with iframe which has ws (unsecured) connection

chrome.exe --user-data-dir=c:\temp-chrome --disable-web-security --allow-running-insecure-content

answered Dec 13 '16 at 15:34

Yuval Shubert

197
3
6

I found I had to use these two settings to get my extension working in developer mode using Mixed Content. I have a detailed explanation here. http://stackoverflow.com/questions/41498423/how-to-get-latest-chrome-version-55-to-allow-mixed-content – David Cruwys Jan 08 '17 at 22:19
1

I tried `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --allow-running-insecure-content` and that did not work for me. And I tried with `--disable-web-security`. The **key** was `--user-data-dir` – spottedmahn Oct 03 '17 at 21:29

score 6 · Answer 7 · answered Mar 13 '18 at 21:38

6

Another solution which is permanent in nature between sessions without requiring you to run a specific command when opening chrome is as follows:

Open a Chrome window
In the URL bar enter Chrome://net-internals
Click on "Domain Security Policy" in the side-bar
Add the domain name which you want to always be able to access in http form into the "Add HSTS/PKP domain" section

answered Mar 13 '18 at 21:38

Alex

113
2
7

3

I tried this, it does not work. HSTS/PKP settings are to tell the browser to request HTTPS from the server even if the requested URL says http: or doesn't say any protocol at all. But the server is expected to support HTTPS, which is not what the OP asked for. – BobHy Sep 25 '18 at 14:47

score 4 · Answer 8 · answered Sep 04 '17 at 14:45

4

On OSX the following works from the command line:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --allow-running-insecure-content

answered Sep 04 '17 at 14:45

Armand

23,463
20
90
119

Doesn't work anymore. – Pigeo Jul 07 '23 at 13:56

score 1 · Answer 9 · answered Jan 05 '16 at 19:44

1

Chrome 46 and newer should be showing mixed content without any warning, just without the green lock in address bar.

Source: Simplifying the Page Security Icon in Chrome at Google Online Security Blog.

answered Jan 05 '16 at 19:44

che

12,097
7
42
71

To clarify it isn't necessarily showing the content automatically, it simply isn't signaling with a triangular warning on the https:// portion of the URL. – dragon788 Apr 22 '17 at 20:08

score 0 · Answer 10 · answered Jan 03 '21 at 15:46

0

You could use cors anywhere for testing purposes. But its note recommend for production environments.

https://cors-anywhere.herokuapp.com/

something like: https://cors-anywhere.herokuapp.com/http://yourdomain.com/api

answered Jan 03 '21 at 15:46

Muhammad Ali

341
2
7

1

Whilst this may theoretically answer the question, [it would be preferable](//meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Sabito stands with Ukraine Jan 03 '21 at 15:51

How to get Chrome to allow mixed content?

10 Answers10

Linked

Related