Setting the policy specifies a list of origins (URLs) or hostname patterns (such as *.example.com) for which security restrictions on insecure origins won't apply. Organizations can specify origins for legacy applications that can't deploy TLS or set up a staging server for internal web development, so developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled "Not Secure" in the address bar.
Setting a list of URLs in this policy amounts to setting the command-line flag --unsafely-treat-insecure-origin-as-secure to a comma-separated list of the same URLs. The policy overrides the command-line flag and UnsafelyTreatInsecureOriginAsSecure, if present.
For more information on secure contexts, see Secure Contexts ( https://www.w3.org/TR/secure-contexts ).
Example value:
http://testserver.example.com/
*.example.org
Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
Registry Path | Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |