
Google is testing a change that disables Autofill on mixed forms (forms on HTTPS pages that submit over HTTP) in Chrome for Android, Windows, Mac, Linux, and Chrome OS. Chrome also shows a warning to let the user know it prevented data in the form from being sent over an insecure connection.
Chrome autofills passwords, credit card data, and contact information saved to the browser on HTTPS websites.
Chrome doesn’t autofill the data in forms on HTTP sites. Google is now planning to go further and block forms on HTTPS sites that submit over HTTP, with a warning like this:
“The data in this form is being sent through an insecure connection.
The form is being submitted over an insecure connection, which may expose your information (for example, passwords, messages or credit cards) when its sent to this site.”
Chrome offers the options to “Go Back (Recommended)” and “Submit Anyways”.
To test the autofill blocking for insecure forms in Chrome on desktop or Android:
1. Launch Chrome 86 Canary
2. Visit chrome://flags page
3. Search for “mixed”
4. Enable the following two flags and restart the browser.
- “Disable autofill for mixed forms”
- “Mixed forms interstitial”
The former flag, when enabled, prevents autofill on mixed forms and shows a warning bubble over the form.
The latter flag enables an interstitial that contains the insecure (mixed) form submission warning message. Password autofill won’t be affected by these changes.
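For site owners who want to find the forms that would trigger this behaviour, here is a small checker, added as an example and not taken from the original article or from Chrome. It resolves each form's `action` (and any `formaction` override) against the page URL and flags targets that end up on `http://`. The function names and the `shop.example` sample page are hypothetical, and it inspects static markup only, so targets set by JavaScript are not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class MixedFormFinder(HTMLParser):
    """Collect form targets that resolve to http:// on an https:// page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base_url = None   # set by the first <base href>
        self.targets = []      # (tag, attribute, raw value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base_url is None:
            self.base_url = urljoin(self.page_url, a["href"].strip())
        elif tag == "form":
            # A missing or empty action submits to the document's own URL.
            self.targets.append((tag, "action", (a.get("action") or "").strip()))
        elif tag in ("button", "input") and a.get("formaction"):
            # formaction on a submit control overrides the form's action.
            self.targets.append((tag, "formaction", a["formaction"].strip()))

    def findings(self):
        if urlsplit(self.page_url).scheme != "https":
            return []          # a mixed form is by definition on an HTTPS page
        base = self.base_url or self.page_url
        found = []
        for tag, attr, raw in self.targets:
            resolved = urljoin(base, raw) if raw else self.page_url
            if urlsplit(resolved).scheme == "http":
                found.append((tag, attr, resolved))
        return found

def find_mixed_forms(page_url, html):
    finder = MixedFormFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings()

# Constructed sample: a hypothetical page at https://shop.example/checkout.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<form action="http://shop.example/pay" method="post"><input name="card"></form>
<form action="/search"><input name="q"></form>
<form action="//cdn.example/subscribe"><input name="email"></form>
<form><button formaction="http://legacy.example/login">Sign in</button></form>
"""
if __name__ == "__main__":
    for tag, attr, url in find_mixed_forms(SAMPLE_URL, SAMPLE_HTML):
        print(f"mixed form: <{tag} {attr}> submits to {url}")
```

Relative and protocol-relative targets inherit the page's HTTPS scheme and are not reported; an `http://` `<base href>` turns every relative `action` on the page into a mixed form.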