security123

Level 13
@ultim

Sadly i still can't download and get the following error:
TinyWall-v3-Installer.msi cannot be safely downloaded
Edge error console say:
Code:
download.php:1 Mixed Content: The page at 'https://tinywall.pados.hu/download.php' was loaded over HTTPS, but requested an insecure script 'http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js'. This request has been blocked; the content must be served over HTTPS.
download.php:88 Uncaught ReferenceError: $ is not defined at download.php:88
download.php:1 Mixed Content: The page at 'https://tinywall.pados.hu/download.php' was loaded over HTTPS, but requested an insecure script 'http://xslt.alexa.com/site_stats/js/t/a?url=tinywall.pados.hu'. This request has been blocked; the content must be served over HTTPS.
download.php:1 Mixed Content: The site at 'https://tinywall.pados.hu/' was loaded over a secure connection, but the file at 'https://tinywall.pados.hu/files/TinyWall-v3-Installer.msi' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.
download.php:1 Mixed Content: The site at 'https://tinywall.pados.hu/' was loaded over a secure connection, but the file at 'https://tinywall.pados.hu/files/TinyWall-v3-Installer.msi' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.
Ressource interpretiert als Dokument aber übertragen mit MIME-Typ application/x-msi: "https://tinywall.pados.hu/files/TinyWall-v3-Installer.msi".
download.php:1 Mixed Content: The site at 'https://tinywall.pados.hu/' was loaded over a secure connection, but the file at 'https://tinywall.pados.hu/files/TinyWall-v3-Installer.msi' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.
 

ultim

Level 2
Hi, thanks. I corrected the URL for GA and removed Alexa's script - I didn't even realize it was still there.
As for the download, that is just pure browser stupidity, because as I said, the actual download was secured. But I corrected that now too for pedantic browsers.

Did you have to make some special browser settings to make it bail out? As I documented in the previous post, I tried Chrome-based Edge with insecure and mixed content both blocked and it didn't have a problem with it. Also, I'm normally using Firefox which also blocks mixed content by default yet it had no problem downloading the installer, just like Edge - these browsers are smart enough to recognize the download is secure despite the URL scheme. So what kind of braindead browser are you using?
 

ultim

Level 2
Chromium-Edge with some flags, AdGuard and uMatrix.

I only get the problem on your site but I will test it again if I'm home @ late Wednesday
Lol, I could say the same, I only got the report from you. :D
I'm pretty sure I'd have heard already from a lot of people if browsers were blocking my downloads in the past years, so I guessed it must be some unusual setup on your end. Nevertheless, even if this wasn't a security issue, my sloppyness with the links did cause troubles for you, so sorry about that, and thanks for letting me know. It should be okay now, so when you test again you should be able to download.
 
Top