diff options
author | Florian Bruhin <me@the-compiler.org> | 2021-08-25 08:35:14 +0200 |
---|---|---|
committer | Florian Bruhin <me@the-compiler.org> | 2021-08-25 10:05:28 +0200 |
commit | c022893a76ab388a552b420728edb19fcb122bb8 (patch) | |
tree | 293897fffcad75ba85b7a8d4962c407cc54c8ead /doc | |
parent | 65af6b2125ecc5742e8b1a257ada60d326243ac7 (diff) | |
download | qutebrowser-c022893a76ab388a552b420728edb19fcb122bb8.tar.gz qutebrowser-c022893a76ab388a552b420728edb19fcb122bb8.zip |
Prevent mixed content downloading by default
https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
https://therecord.media/firefox-follows-chrome-and-prepares-to-block-insecure-downloads/
Diffstat (limited to 'doc')
-rw-r--r-- | doc/changelog.asciidoc | 2 | ||||
-rw-r--r-- | doc/help/settings.asciidoc | 14 |
2 files changed, 16 insertions, 0 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index f6e2d7be1..57fc9d4e8 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -25,6 +25,8 @@ Added - New `content.blocking.hosts.block_subdomains` setting which can be used to disable the subdomain blocking for the hosts-based adblocker introduced in v2.3.0. +- New `downloads.prevent_mixed_content` setting to prevent insecure + mixed-content downloads (true by default). Fixed ~~~~~ diff --git a/doc/help/settings.asciidoc b/doc/help/settings.asciidoc index 9b896107f..1e943c235 100644 --- a/doc/help/settings.asciidoc +++ b/doc/help/settings.asciidoc @@ -209,6 +209,7 @@ |<<downloads.location.suggestion,downloads.location.suggestion>>|What to display in the download filename input. |<<downloads.open_dispatcher,downloads.open_dispatcher>>|Default program used to open downloads. |<<downloads.position,downloads.position>>|Where to show the downloaded files. +|<<downloads.prevent_mixed_content,downloads.prevent_mixed_content>>|Automatically abort insecure (HTTP) downloads originating from secure (HTTPS) pages. |<<downloads.remove_finished,downloads.remove_finished>>|Duration (in milliseconds) to wait before removing finished downloads. |<<editor.command,editor.command>>|Editor (and arguments) to use for the `edit-*` commands. |<<editor.encoding,editor.encoding>>|Encoding to use for the editor. @@ -2888,6 +2889,19 @@ Valid values: Default: +pass:[top]+ +[[downloads.prevent_mixed_content]] +=== downloads.prevent_mixed_content +Automatically abort insecure (HTTP) downloads originating from secure (HTTPS) pages. +For per-domain settings, the relevant URL is the URL initiating the download, not the URL the download itself is coming from. It's not recommended to set this setting to false globally. + +This setting supports URL patterns. + +This setting is only available with the QtWebEngine backend. + +Type: <<types,Bool>> + +Default: +pass:[true]+ + [[downloads.remove_finished]] === downloads.remove_finished Duration (in milliseconds) to wait before removing finished downloads. |