If your download don't work, this is the reason



  • Chrome is blocking downloads? Here is why!

    https://www.ghacks.net/2020/10/08/chrome-is-blocking-downloads-here-is-why/

    by Martin Brinkmann on October 08, 2020 in Google Chrome - Last Update: October 08, 2020 - 39 comments

    If you have upgraded the Google Chrome browser to version 86, released on October 6, 2020, you may have noticed that some file downloads don't work anymore in the browser. You click on the download link and nothing happens. Chrome does not display a notification and there is virtually no information that explains what is happening, or not happening in this case. A check of the downloads page of the browser does not even list the file.

    The fact that nothing happens can be confusing to users, as the expectation is that the download should begin after clicking on the link.

    Google announced in early 2020 that it will block content that is served via the insecure HTTP if the originating page uses HTTPS. The company decided to roll out the feature gradually by adding more and more file types to the blocklist. Executable files, e.g. .exe or .bat, are the first file types to be blocked, and the release of Chrome 86 put that block in place. Future versions of Chrome will block non-executable file types such as PDF, ZIP, or JPG files.



  • I really detest this kind of heavy-handed breaking of basic web functions typical of Google. I find it condescending to treat all users like fools who needs hand-holding to be protected from their own stupidity. Some of us are perfectly capable of making our own decisions when it comes to security.

    This is just another way to "streamline" the web for the consumer, making them feel "safe enough" to continue the mindless online shopping spree while data mining companies accumulate a wealth of information on each and every one of us.

    Given that Vivaldi is supposed to be a company that does not have such a condescending view of users and actually consider us to have the intelligence to make our own decisions, I hope that Vivaldi will not force this upon us - unless they already have 😕

    I have a basic test page I use to test stuff like this, for some reason insecure cross-domain downloads still work there. Even FTP, but I've allowed that in the flags. However I see now that creating another test page the "insecure" downloads do not work when clicked.

    No idea about the difference, maybe my site using Let's Encrypt makes a difference?



  • @Pathduck said in If your download don't work, this is the reason:

    Vivaldi is supposed to be a company that does not have such a condescending view of users and actually consider us to have the intelligence to make our own decisions

    Re the browser... yep.
    Re the forum... not so much, recently... so that's a nope.
    🙄


    block content that is served via the insecure HTTP if the originating page uses HTTPS

    I searched the Flags for http, but didn't see anything which overtly seemed relevant here.


    I note that article also says:

    For now, a browser like Firefox, Internet Explorer, Brave, Vivaldi, the new Edge, or Opera all allow the download



  • @Steffie Do the test pages I posted work for you?



  • @Pathduck Well, you'll have to help me understand this pls.

    Link 1

    Spoiler

    With uM set as:
    7b93add1-9c01-4843-92f8-4fc8a6423e76-image.png
    .
    I got these outcomes:
    .
    1ea4286c-1dd4-4831-90d2-a84ddd311f65-image.png
    .
    930e31f2-084b-4994-8a83-dbdbebd289a7-image.png
    .
    6b93d4b4-b6c3-4080-af5a-ae22a7010bd6-image.png
    .
    e450d242-1156-41e8-8c39-8d1ebf4ed111-image.png
    .
    0efbc717-1b52-4dd3-abc5-e82ab7d6d6e6-image.png
    .
    a736f786-0398-4d23-909c-7616bef0eeed-image.png

    Link 2

    Spoiler

    With uM set as:
    74b4e569-0a4d-48c6-81f1-96fce561645f-image.png
    .
    I got these outcomes:
    .
    d57a580b-77a1-4ba9-8dbe-47166a21b499-image.png



  • @Steffie Well tested 😉

    You didn't have to test the SFTP/Flash/mailto/FTP/Iframe stuff, but well done anyway 😂 👍

    Interestingly the Flash download link worked for you - it's been a pet peeve of me for a very long time that for some reason Vivaldi (Chromium most likely) outright blocks links to just the Flash download page. Apparently not for everyone. Do you allow Flash everywhere by any chance?

    The SFTP link is for testing whether custom protocols like sftp:// works. It should (if it's configured on your system) open your chosen program for SFTP/SCP transfers.

    The main test was the "insecure" download EXE file and (as expected) it worked on my test page but fails on the W3Schools page. Which is weird and I don't quite understand why yet.

    * Pathduck trundles off to purchase some bitcoinz, foo!


  • Vivaldi Translator

    This has been in the pipeline for a while and there was ample warning.
    A warning which most will not have seen unless they read the tech sites.
    Just like all those using cloudflare that are still not using DNSSec even though it has been given to them.

    Try https://www.eff.org/https-everywhere
    It should try and get the HTTPS version of a link if available, but will obviously not help if there is none.



  • @Pathduck ...has been patiently laying in wait ever since 12 FEB 2015, biding their time & scheming their plans for some appropriately huge idjit to happen along who is sooooooooooooo gullible as to blindly click random links... ðŸĪĶ♀

    You didn't have to test the SFTP/Flash/mailto/FTP/Iframe stuff

    Who, me, not have ANY clue whatsoever about what she was doing? Did it show? ðŸĪŠ

    Do you allow Flash everywhere by any chance?

    Nope, nowhere. I removed Flash from all my pooters years ago. Using that link today made me feel dirty. So now i'm broke and unsanitary. Onya.



  • @Dr-Flay said in If your download don't work, this is the reason:

    This has been in the pipeline for a while and there was ample warning.

    I'm reminded of this:

    "People of Earth, your attention please," a voice  said,  and  it
    was   wonderful.   Wonderful   perfect  quadrophonic  sound  with
    distortion levels so low as to make a brave man weep.
     
    "This is  Prostetnic  Vogon  Jeltz  of  the  Galactic  Hyperspace
    Planning  Council," the voice continued. "As you will no doubt be
    aware, the plans for development of the outlying regions  of  the
    Galaxy  require  the  building  of  a  hyperspatial express route
    through your star system, and regrettably your planet is  one  of
    those  scheduled  for  demolition. The process will take slightly
    less that two of your Earth minutes. Thank you."
     
    The PA died away.
     
    Uncomprehending terror settled on the watching people  of  Earth.
    The  terror  moved  slowly through the gathered crowds as if they
    were iron fillings on a sheet of board and a  magnet  was  moving
    beneath  them. Panic sprouted again, desperate fleeing panic, but
    there was nowhere to flee to.
     
    Observing this, the Vogons turned on their PA again. It said:
     
    "There's no point in acting  all  surprised  about  it.  All  the
    planning  charts  and  demolition  orders have been on display in
    your local planning department on Alpha  Centauri  for  fifty  of
    your  Earth  years,  so  you've  had  plenty of time to lodge any
    formal complaint and it's far too late to  start  making  a  fuss
    about it now."
     
    The PA fell silent again and its  echo  drifted  off  across  the
    land. The huge ships turned slowly in the sky with easy power. On
    the underside of each a hatchway opened, an empty black space.
     
    By  this  time  somebody  somewhere  must  have  manned  a  radio
    transmitter,  located a wavelength and broadcasted a message back
    to the Vogon ships, to plead on behalf of the planet. Nobody ever
    heard  what  they said, they only heard the reply. The PA slammed
    back into life again. The voice was annoyed. It said:
     
    "What do you mean  you've  never  been  to  Alpha  Centauri?  For
    heaven's  sake mankind, it's only four light years away you know.
    I'm sorry, but if you can't be bothered to take  an  interest  in
    local affairs that's your own lookout.
     
    "Energize the demolition beams."
     
    Light poured out into the hatchways.
     
    "I don't know," said the  voice  on  the  PA,  "apathetic  bloody
    planet, I've no sympathy at all." It cut off.
     
    There was a terrible ghastly silence.
     
    There was a terrible ghastly noise.
     
    There was a terrible ghastly silence.
     
    The Vogon Constructor fleet coasted away  into  the  inky  starry
    void.
    

    ðŸĪĶ♂ 🌍 ðŸ’Ĩ

    Hay @Steffie try this one if you're brave:
    https://verylegitlink.appspot.com/n*NtGAwarez$504server1_spyware.gpg.exe.pdf



  • @Pathduck Ah. Now you've tripped the alarm. Sometime within the next 24 hrs we can expect to see this post forked off into an OT meta-thread. Remember, No Humour Please!


    if you're brave

    Nope. Na-uh, no way. I still need both kidneys & all eight eyes thank you very much, attractive as your kind offer to "sleep peacefully in an ice-chilled bath-tub" undoubtedly is.



  • @barbudo2005 said in If your download don't work, this is the reason:

    The fact that nothing happens can be confusing to users

    I wonder who made the decision to remove the warning message stating that it was blocked??


  • Moderator

    @barbudo2005 Irritating fact that there is no warning in address field if the download of mixed sources is blocked. Not user-friendly at all.



  • I found out the reason why http downloads from the second test site isn't working. The following errors/warnings are logged in the console:

    Subresource requests using legacy protocols (like `ftp:`) are blocked. Please deliver web-accessible resources over modern protocols like HTTPS. See https://www.chromestatus.com/feature/5709390967472128 for details.
    
    Mixed Content: The page at 'https://www.w3schools.com/code/tryit.asp?filename=GJKX1UQ3FQF1' was loaded over HTTPS, but requested an insecure resource 'http://ftp.sunet.se/mirror/ftp.chiark.greenend.org.uk/putty/putty-latest/w32/putty.zip'. This request has been blocked; the content must be served over HTTPS.
    

    Note that ZIP files are also blocked. And not giving any feedback to the user is just rude.

    At the moment it looks like Vivaldi at least is only blocking http downloads from secure pages if the link is located in a sub-resource (i.e. Iframe)?

    Here's another test site I found from the article about the issue:
    https://sites.google.com/site/heroes3hd/eng/download
    Downloads work there.

    I'm actually struggling to find any more example sites apart from the ones I've made myself. Which is probably a good indication that it will not be a major problem for most. But it's still extremely wrong to break basic web functions like this, and without any warning to the user at all.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.