2981534 - Chrome/Edge version 85+ will only allow secure pages (HTTPS) to download files

When you launch a content or a web link in the Learning system, Chrome/Edge doesn't display/render/play certain parts or entire page of the course/links if the Chrome/Edge browser version is 85 and above. There are no issues with other browsers such as Safari, Internet Explorer, etc.

This issue happens in the following setups in the Learning system, that has embedded content in a mixed content setup:

• OCN Vendor course pages (Like LinkedIn Learning, Coursera, Udacity etc.,)
• courses hosted in iContent
• courses hosted on 3rd party server (anything other than iContent, like Skillsoft or your own content servers or other vendor servers)
• Links such as Document links that are associated to Items/Classes
• Cover page image(s), Introduction Panels, logos, notification templates image links that are hosted on HTTP servers or direct link is placed with HTTP 

What is a mixed content setup:

SAP SuccessFactors Learning, along with the rest of the suite, are hosted and deliver a secure connection over HTTPS. Placing a reference such as an image URL that is hosted on your server or 3rd party vendor server that is HTTP on the Learning System will then not allow Chrome to display them. A website that is HTTPS referencing HTTP content is mixed content.

SAP SuccessFactors Learning

Launch a course or view/access any html elements like image links, media file links in the LMS page and those elements or the entire page.

Google mentioned in the year 2019 that it did not intend to block HTTP downloads started from HTTP sites, since Chrome is already warning users about the site's poor security via the "Not Secure"" indicator in the URL bar.

What they decided to do now is, block insecure (read "http") downloads on sites or http elements (links to a http element like http://somedetails/image.jpg or http://somedetails/video.mp4 embedded into a https page) that appear to be secure (loaded via HTTPS) but whereas the downloads/links aren't (loaded via HTTP).

Example :
If the page is http and if the elements inside that page is of http type, it is allowed.
If the page is https and if the elements inside that page is of https type, it is allowed.
If the page is http and if the elements inside that page is of https type, it is allowed. 
If the page is https and if the elements inside that page is of http type, it is not allowed in chrome and chrome based browsers.

• Manually change any HTTP reference URL to HTTPS (Validate with the server owner if HTTPS is an option)
• Migrate the content that is hosted on an HTTP server to an HTTPS server
• Use a different browser that is not using Chromium base (Edge and Chrome 85+)

Note: SuccessFactors Learning is not able to bypass this change in Chrome/Edge. We have setup some guardrails (LRN-88678) such as providing validation errors when Open Content Network vendors attempt to create Content Objects that have an HTTP URL the content hosted on their website/server. As SAP SuccessFactors does not host an HTTP server, this issue mainly impacts 3rd party servers. It is your responsibility to check any and all impacted areas such as Custom Tiles, Content Objects, attachments (Class and Item level), Cover pages, Notification Templates, etc.

chrome 85, http over https, edge 85, LRN-88678, images not displaying in chrome, mixed-content, (blocked:mixed-content), was loaded over HTTPS but requested an insecure, This request has been blocked; the content must be served over HTTPS , KBA , LOD-SF-LMS-ITE , Items , LOD-SF-LMS-ADM , System Admin, Global Variables, References , LOD-SF-LMS-CNT , Content , LOD-SF-LMS-OCN , Open Content Network , Problem