Open tomvothecoder opened 3 years ago
Its been revealed that even if we patch CoG to rewrite http urls as https, users will start seeing certificate (privacy) errors for data nodes that don't use valid certs. While this is not a new issue (with esg-orp redirects for restricted data), its not a great UI experience.
Firefox still allows a user to "Accept Risk" but other browser won't allow the download.
Describe the bug
Chrome now blocks downloads from secure (HTTPS) to insecure (HTTP) connections. This looks like a new security measure since Safari still works for HTTP downloads.
This is affecting both MetaGrid and CoG. https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
Desktop (please complete the following information):
To Reproduce
This download has been blocked
Expected behavior
Files should download