win32ss / supermium

Chromium fork for Windows XP/2003 and up
https://win32subsystem.live/supermium/
BSD 3-Clause "New" or "Revised" License
2.38k stars 79 forks

All browser online games on https://vseigru.net no longer works #835

Open EgorKuzevanov opened 2 months ago

EgorKuzevanov commented 2 months ago

Describe the bug: All browser online games on https://vseigru.net no longer work.

To Reproduce Steps to reproduce the behavior:

  1. Go to https://vseigru.net/igry-odevalki/44331-igra-devushka-karandash-odevalka.html.
  2. The embedded frame with the game does not load, and the following error appears in the console: Mixed Content: The page at 'https://vseigru.net/igry-odevalki/44331-igra-devushka-karandash-odevalka.html' was loaded over HTTPS, but requested an insecure frame 'http://vseigru.net/12/igra-devushka-karandash-odevalka/'. This request has been blocked; the content must be served over HTTPS.

Expected behavior Successful loading of browser online game on https://vseigru.net.

EgorKuzevanov commented 2 months ago

Is it possible to permanently disable blocking of loading of insecure HTTP frames embedded in secure HTTPS websites in Supermium browser using chrome://flags?

Vangelis66 commented 2 months ago

Google have long ago removed the flag that would allow globally loading/running "mixed content" (served over plain HTTP inside an HTTPS page). What still works in M124 (and I have just verified it myself in Sm-124-r2) is the cmdline switch --allow-running-insecure-content. Make sure you don't have TOO MANY other cmdline switches defined and that you haven't customised TOO MANY chrome://flags yourself, because then the Windows command passed to chrome.exe will exceed the maximum limit of characters for command line arguments. If you go that way, you'll get a warning about insecure connection in the URLbar.

A safer (non-global) way of allowing mixed content to load/run in a page is a per-site-whitelist/configuration; you have two options/ways of doing that:

  1. via Site settings, starting from the URLbar's connection icon:

https://experienceleague.adobe.com/en/docs/target/using/experiences/vec/troubleshoot-composer/mixed-content

then scroll down to section: Enabling mixed content in Google Chrome (you'll be doing this for https://vseigru.net)

  2. Via the Insecure origins treated as secure chrome://flag:

https://stackoverflow.com/a/77496197

(you'll paste in the input field http://vseigru.net, set the flag to Enabled and then Relaunch).

trlkly commented 2 months ago

What's confusing about this one is that the actual iframe URL in the source starts with https://.

And if you just right click on where the game should be and choose "reload frame", the game loads just fine, even if you haven't messed with the site settings.

Something weird is still going on.
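
The blocking rule behind the console error in the report, as an added example (not code from Supermium or from any commenter): it classifies embedded resources as blocked or upgradeable and applies the same check to each redirect hop. The function names, the games.example page and the redirect chain are constructed assumptions, not a diagnosis of vseigru.net.

```javascript
// Added example: helper names and all sample inputs are constructed.
// Destinations the Mixed Content spec treats as upgradeable rather than blockable.
const UPGRADEABLE = new Set(["image", "audio", "video"]);
const DEST = { iframe: "iframe", script: "script", img: "image", audio: "audio", video: "video" };

// https:/wss: and loopback hosts count as potentially trustworthy.
function isTrustworthy(url) {
  const u = new URL(url);
  if (u.protocol === "https:" || u.protocol === "wss:") return true;
  const h = u.hostname;
  return h === "localhost" || h.endsWith(".localhost") ||
         /^127(\.\d{1,3}){3}$/.test(h) || h === "[::1]";
}

// Verdict for one request issued by a page: "ok", "upgrade" or "block".
function classify(pageUrl, requestUrl, destination) {
  if (new URL(pageUrl).protocol !== "https:") return "ok"; // simplification: only https: pages restrict
  if (isTrustworthy(requestUrl)) return "ok";
  return UPGRADEABLE.has(destination) ? "upgrade" : "block";
}

// Scan markup for embedded resources and report the ones that are mixed content.
function auditMarkup(pageUrl, html) {
  const re = /<(iframe|script|img|audio|video)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  const findings = [];
  for (const m of html.matchAll(re)) {
    const tag = m[1].toLowerCase();
    const url = new URL(m[2], pageUrl).href; // resolve relative src values
    const verdict = classify(pageUrl, url, DEST[tag]);
    if (verdict !== "ok") findings.push({ tag, url, verdict });
  }
  return findings;
}

// The check runs on every redirect hop, so an https:// src can still be blocked.
function firstBlockedHop(pageUrl, hops, destination) {
  return hops.find((hop) => classify(pageUrl, hop, destination) === "block") || null;
}

// Constructed sample page and redirect chain (not taken from the site in the report).
const PAGE = "https://games.example/play.html";
const SAMPLE_HTML = `
<iframe src="http://games.example/12/demo/"></iframe>
<img src="http://cdn.example/logo.png">
<script src="/static/app.js"></script>
<iframe src="http://localhost:8080/dev"></iframe>`;
const SAMPLE_HOPS = ["https://games.example/12/demo", "http://games.example/12/demo/"];
console.log(auditMarkup(PAGE, SAMPLE_HTML), firstBlockedHop(PAGE, SAMPLE_HOPS, "iframe"));
```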