Streaming live at 10am (PST)

Chrome behaving badly - Help

For months my Chrome installations (on different machines) have been working fine with my Webflow website.
I use a 3rd party plugin and if publishing from Webflow would always have to “allow” unsafe script - this is fine.
However, suddenly this option is no longer available - and therefore I cannot test these “unsafe” scripts - the strange thing is, even when I export the code and upload to the domain - the scripts still do not run and the option is not there…this DOES work in Internet Explorer and the 3rd party script itself works fine.

So does anyone know of an update to Chrome that would have stopped this from working?
(I work in software support so am not a IT newbie) - I cannot find any reference to this suddenly being deactivated.

Totally confused

Which plugin or is it an extension to Chrome?

It’s neither it’s a javascript from codecanyon. It worked fine up until last week. Now it seems Chrome has changed and if published from WF because there is no option to allow unsafe JS anymore it doesn’t work.

I’ve checked again - and the site uploaded to the domain outside of Webflow works fine -
However publishing and viewing from within Webflow no longer works - this is because Chrome no longer prompts to show unsafe scripts - at least it does not on the 4 different systems I have tried. This was working fine before Christmas. Probably not a WF issue as such but is really annoying. Note this works in IE.

This is not a missbehaviour, and it’s not Google fault either, firefox and safari will block the scripts the same: Mixed content are blocked by default on all modern browsers, Firefox blocked them since version 23, Safari since version 9. Chrome since version 79 will no longer ask to unblock mixed contents. This is not a bad behaviour, this is a security protection. You can’t load unsecure resources from a secure context

Can you explain why it works outside of webflow then?..surely if “mixed content” was being blocked it should not work at all.

because in the other link you are in an insecure context, there is no mixing content, because all is insecure.

Basically if your server has SSL certificate, all resources inside must be served from a server with an SSL certificate as well. Since in the second link you have no SSL certificate you don’t need to serve resources using https protocol

Apologies - I have since found - and have found a way to override this - which is what I need for this particular site.

The only way to override this issue is to serve the script using https. No other way around

Nope - I have changed the settings as per the article

“You’ll have to click the lock icon to the left of the page’s address, click “Site Settings,” and then unblock mixed content for that site.”

and it works fine. The site will be using http so it’s all good now.