PDF’s marked insecure on Google Chrome
-
Hi, I run an online poetry journal using the Twenty Fourteen theme. Our site is http://www.adozennothing.com.
For each post/page of poems we publish, we offer a PDF of the poems on the page so that the reader can easily open, download, and print the poems. These can be accessed on each page via two ‘print’ buttons.
Today, for the first time, as I was testing an upcoming post, Google Chrome was marking my PDF’s as ‘insecure’ and blocking them from opening, saying the page was trying to load insecure scripts. Going back through all my previous posts, I realize that Google Chrome is now doing the same with all the PDF’s on the entire site. The PDF’s are accessed by two buttons labeled ‘print’ on every page of poetry. Here’s a direct link to one of the PDF’s: https://adozennothing.files.wordpress.com/2018/07/lupe-mendez-adnaug2018.pdf
Why is Google Chrome suddenly marking these as insecure? What can I do to fix it?
Thanks!!
-
Hi there,
I checked several of the posts on your site using Chrome, and the PDFs all open without problem for me and Chrome even shows a “Secure” indicator in the address bar, so this might be something specific to your environment.
The only scripts that are supposed to load when you open a PDF are Chrome’s own scripts from their built-in PDF reader – the media link itself does not load any scripts in your browser. But it is possible another, possibly malicious, add-on in your browser is trying to hijack the page and inserting scripts somehow.
Can you please check if this still happens if you try to load the link in an incognito Chrome session? And can you check on another computer, or Chrome on a mobile device as well, to confirm that it only happens on your specific machine?
If you can confirm that, it might help to completely reinstall Chrome, and it might also be a good idea to use an app like Malwarebytes to run a scan of your system. Also consider contacting support for Chrome directly.
-
Hi, thanks for your help. The problem has not happened on my 2011 MacBook, with an older version of Chrome. But, it continues to happen on my newer MacBook Air, with a newer version of Chrome. I did run a scan with Malwarebytes on my new computer, which came up clean.
When I click the print button for a PDF, it says “secure” on the left-hand side of the URL address bar. But, on the right-hand side there’s a little badge with a red “x” on it. Clicking on that brings up a little pop-up that says “Insecure content blocked.” The PDF usually opens and looks ok, but then the screen blanks out. If I then right-click on reload the page, it will work fine. I just don’t want anyone to have to go through any extra steps or confusion to access these PDFs.
I have sent a message to Google support. If you have any further insight, please let me know!
Thanks again for your help!
-
> But, on the right-hand side there’s a little badge with a red “x” on it. Clicking on that brings up a little pop-up that says “Insecure content blocked.” The PDF usually opens and looks ok, but then the screen blanks out. If I then right-click on reload the page, it will work fine.
Hmm. That’s now happening for me as well, but only on your site. And I get that warning on other media files as well.
It appears that the favicon loading in your browser tab is the problem – that image is being fetched via an http link rather than an https link. So there’s actually nothing wrong with the page itself, but rather, Chrome is being over-sensitive when checking for secure content – I don’t see the warning in Firefox, for example.
Nothing on your site should be loading over http, so I’m following up on this to see if it can be fixed, but meanwhile setting a site icon for your site should also fix the issue – it did in my testing on another site.
You can set a site icon in the Customizer:
-
Hi, thanks again.
I added a site icon, as you suggested, but that doesn’t seem to have made any difference. And, yes, this is only happening on Chrome, and maybe only on the most recent versions of Chrome. (It doesn’t happen with Safari, for instance.) I did find documentation online that Chrome had implemented some new policies regarding content security at the end of July, but as far as I can tell my site shouldn’t be a problem. (I honestly don’t understand everything I read about that, but do know that my site uses https, which seems to be the biggest thing for them.)
If there’s anything else you find, please let me know.
Thanks again!!
-
Hi there,
I see that your icon is now linked from a secure URL and I’m not seeing that warning anymore when I try to load the PDFs in Chrome.
Are you still getting that warning?
-
-
Thanks for trying that. It worked for me in my testing on Friday, which is why I suggested it, but it doesn’t appear to be doing the trick on your site.
I was able to find another report of this, so it does look like it’s a bug on our end, and our developers are aware of it. But I’m not able to give you an ETA on a fix, unfortunately.
As an interim measure, perhaps add a brief notice at the top of your site or in the sidebar that Chrome users might see this message, and that it’s safe to ignore it/being worked on.
- The topic ‘PDF’s marked insecure on Google Chrome’ is closed to new replies.
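
An added example, not part of the original thread or of WordPress.com's code: a small checker for the condition diagnosed above, where an https page pulls in a subresource (here the favicon) over plain http. It goes beyond the favicon case to other subresource tags in an HTML page; the URLs, sample page and function names are constructed for illustration, and it inspects declared URLs only, not redirects.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag attributes that make the browser fetch a subresource.
FETCHING_ATTRS = {"script": ["src"], "img": ["src"], "iframe": ["src"],
                  "embed": ["src"], "source": ["src"], "audio": ["src"],
                  "video": ["src", "poster"], "object": ["data"]}
# <link> only triggers a fetch for some rel values (canonical, for one, does not).
FETCHING_LINK_RELS = {"icon", "apple-touch-icon", "stylesheet", "preload", "manifest"}

# Constructed sample page (hypothetical host names), not taken from the site above.
SAMPLE_PAGE_URL = "https://journal.example/2018/08/poems/"
SAMPLE_HTML = """
<html><head>
<link rel="shortcut icon" href="http://journal.example/favicon.ico">
<link rel="stylesheet" href="/style.css">
<link rel="canonical" href="http://journal.example/2018/08/poems/">
</head><body>
<img src="//cdn.example/cover.png">
<a href="http://other.example/">a plain link is navigation, not a subresource</a>
<script src="https://cdn.example/app.js"></script>
</body></html>
"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            names = ["href"] if rels & FETCHING_LINK_RELS else []
        else:
            names = FETCHING_ATTRS.get(tag, [])
        for name in names:
            value = attrs.get(name)
            if not value:
                continue
            # Resolve relative and scheme-relative URLs against the page URL.
            absolute = urljoin(self.page_url, value.strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((tag, name, absolute))

def find_mixed_content(page_url, html):
    """Return subresources an https page would request over plain http."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for https pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings
```
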