Google Chrome will block submitting forms via insecure connection
With the promotion of Google and Mozilla, the HTTPS traffic of the entire network has now become the mainstream, and most websites have enabled HTTPS encrypted secure connection protocols.
Google Chrome is strengthening security management, imposing more restrictions on web pages and content of insecure (mixed) connections to ensure that data will not be leaked.
For example, if a webpage with an encrypted connection is enabled, Chrome will block if it downloads an HTTP connection file, and an attempt to load HTTP audio, video, or pictures will also be blocked.
The new security option in the Google Chrome Canary is to block insecure form controls. This feature is designed to prevent user-submitted content from being stolen.
The so-called form mainly refers to some web pages that may require users to fill in certain information, for example, the credit card application page needs to provide information such as ID number and address.
This kind of information itself is very private, so if it is stolen, it may have serious consequences. Based on this consideration, Google Chrome believes that it needs to strengthen management.
When the webpage itself is connected by HTTPS but the content of the form is submitted via HTTP, Google Chrome will directly prevent the user from submitting information after detecting it.
Especially when users fill in the credit card number, expiration date, CVV2, and other information on some e-commerce shopping websites, there is a security risk if they are submitted using the HTTP protocol.
At present, the above functions are still being tested and have not been pushed to the stable version channel. Currently, it is a reminder to webmasters and developers that the security management of the form needs to be strengthened. Administrators and developers can use chrome://flags/#mixed-forms-disable-autofill to enable this option.
In the future, if the user information is still submitted with an insecure clear text protocol, Google Chrome will directly display a warning on the front page to prevent users from submitting information.
Via: techdows
