Mixed-content autoupgrade and blocking AI-researched
Dependency: Browser mixed-content policy
Chrome's rollout (starting Chrome 79) autoupgraded and then blocked HTTP subresources on HTTPS pages, breaking artworks that combine many remote media sources when hosted or archived under HTTPS.
Affected Artworks
Steven Read
Loads remote images discovered via search. If embedded assets resolve to HTTP-only hosts, they may be blocked.
Gregory Chatonsky
Aggregates third-party media across origins. HTTP-only endpoints or legacy embeds can be blocked in HTTPS context.
Beat Brogle & Philippe Zimmermann
Pulls large sets of image URLs from the wider web. Mixed-content blocking can silently drop images, altering the film.
Fixes & Mitigations
- Workaround: Rewrite asset URLs to HTTPS, or proxy through an HTTPS 'asset relay' under curatorial control.
- Workaround: Use Content Security Policy directives (upgrade-insecure-requests) during migration testing.
Chrome began a phased rollout: introduce per-site unblock settings (Chrome 79, Dec 2019), autoupgrade and block mixed audio/video (Chrome 80, Jan 2020), and autoupgrade/block mixed images (Chrome 81, Feb 2020).
Notes
Mixed-content is a frequent “archival regression”: moving a work to HTTPS (or embedding it in an HTTPS archive player) can break it if its dependencies are still HTTP.