en-US

Origins or hostname patterns for which restrictions on insecure origins should not apply

Supported on: Microsoft Windows 7 or later

Registry

HKLM Software\Policies\Google\Chrome
HKCU Software\Policies\Google\Chrome

Options

List (registry values) list - list under Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin

Description

Setting the policy specifies a list of origins (URLs) or hostname patterns (such as *.example.com) for which security restrictions on insecure origins won't apply. Patterns are only accepted for hostnames; URLs/origins with schemes must be exact strings. Organizations can specify origins for legacy applications that can't deploy TLS or set up a staging server for internal web development, so developers can test out features requiring secure contexts without having to deploy TLS on the staging server. This policy also prevents the origin from being labeled "Not Secure" in the address bar. Setting a list of URLs in this policy amounts to setting the command-line flag --unsafely-treat-insecure-origin-as-secure to a comma-separated list of the same URLs. The policy overrides the command-line flag and UnsafelyTreatInsecureOriginAsSecure, if present. For more information on secure contexts, see Secure Contexts ( https://www.w3.org/TR/secure-contexts ). Example value: http://testserver.example.com/ *.example.org