Origins or hostname patterns for which restrictions on insecure origins should not apply


The policy specifies a list of origins (URLs) or hostname patterns (such
as "*.example.com") for which security restrictions on insecure origins
will not apply.

The intent is to allow organizations to set whitelist origins for legacy
applications that cannot deploy TLS, or to set up a staging server for
internal web development so that their developers can test out features
requiring secure contexts without having to deploy TLS on the staging
server. This policy will also prevent the origin from being labeled
"Not Secure" in the omnibox.

Setting a list of URLs in this policy has the same effect as setting the
command-line flag '--unsafely-treat-insecure-origin-as-secure' to a
comma-separated list of the same URLs. If the policy is set, it will
override the command-line flag.

This policy will override UnsafelyTreatInsecureOriginAsSecure, if present.

For more information on secure contexts, see
https://www.w3.org/TR/secure-contexts/.

Example value:

http://testserver.example.com/
*.example.org

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Origins or hostname patterns for which restrictions on insecure origins should not apply

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS\OverrideSecurityRestrictionsOnInsecureOrigin
Value Name{number}
Value TypeREG_SZ
Default Value

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)