Origins or hostname patterns for which restrictions on insecure origins should not apply

Setting the policy specifies a list of origins (URLs) or hostname patterns (such as *.example.com) for which security restrictions on insecure origins won't apply. Organizations can specify origins for legacy applications that can't deploy TLS or set up a staging server for internal web development, so developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled "Not Secure" in the address bar.

Setting a list of URLs in this policy amounts to setting the command-line flag --unsafely-treat-insecure-origin-as-secure to a comma-separated list of the same URLs. The policy overrides the command-line flag and UnsafelyTreatInsecureOriginAsSecure, if present.

For more information on secure contexts, see Secure Contexts ( https://www.w3.org/TR/secure-contexts ).

Example value:

http://testserver.example.com/
*.example.org

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Origins or hostname patterns for which restrictions on insecure origins should not apply

Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin
Value Name{number}
Value TypeREG_SZ
Default Value

chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)