The policy specifies a list of origins (URLs) or hostname patterns (such
as "*.example.com") for which security restrictions on insecure origins
will not apply.
The intent is to allow organizations to set whitelist origins for legacy
applications that cannot deploy TLS, or to set up a staging server for
internal web development so that their developers can test out features
requiring secure contexts without having to deploy TLS on the staging
server. This policy will also prevent the origin from being labeled
"Not Secure" in the omnibox.
Setting a list of URLs in this policy has the same effect as setting the
command-line flag '--unsafely-treat-insecure-origin-as-secure' to a
comma-separated list of the same URLs. If the policy is set, it will
override the command-line flag.
This policy will override UnsafelyTreatInsecureOriginAsSecure, if present.
For more information on secure contexts, see