Chrome 122 - How to allow insecure content? (Insecure download blocked)

Asked 25/2 at 21:22 Answered 4/6 at 16:32

Solved python selenium-webdriver selenium-chromedriver ui-automation

I'm unable to test file download with Selenium (python), after Chrome update to the version '122.0.6261.70'.

Previously running Chrome with the '--allow-running-insecure-content' arg did a trick. The same is suggested over the net. On some sites one additional arg is suggested: '--disable-web-security'.

But both change nothing for me (the warning keeps appearing).

Does anybody know if something has been changed between the 121 and 122 versions?

Is there some arg or pref that I'm missing?

Warning image for the reference:

Driver creation (simplified):

from selenium import webdriver
from selenium.webdriver.chrome.options import Options

options = Options()
for arg in ["--allow-running-insecure-content", "--disable-web-security"]:
    options.add_argument(arg)
driver = webdriver.Chrome(options=options)

Kazan answered 25/2 at 21:22 Comment(1)

having the same issue. yet to find a solution to this :-/ – Preliminary 27/2 at 5:54

Okay, so found two solutions:

--unsafely-treat-insecure-origin-as-secure=*
This is an experimental flag that allows you to list which domains to treat as secure so the download is no longer blocked.
--disable-features=InsecureDownloadWarnings
This is a more stable flag that disables the insecure download blocking feature for all domains.

This is what worked for me:

from selenium import webdriver
from selenium.webdriver.chrome.options import Options

chrome_options = Options()
chrome_options.add_argument("--window-size=1920,1080")
chrome_options.add_argument("--allow-running-insecure-content")  # Allow insecure content
chrome_options.add_argument("--unsafely-treat-insecure-origin-as-secure=http://example.com")  # Replace example.com with your site's domain
chrome_options.add_experimental_option("prefs", {
    "download.default_directory": download_path,
    "download.prompt_for_download": False,
    "download.directory_upgrade": True,
    "safebrowsing.enabled": True
})

driver = webdriver.Chrome(options=chrome_options)

Preliminary answered 27/2 at 6:1 Comment(8)

Thank you a lot! The "--unsafely-treat-insecure-origin-as-secure=example.com" argument alone did a trick. Still don't really understand why the '--allow-running-insecure-content' doesn't do the same thing..whatever. Anyway, thank you for the solution! – Kazan 27/2 at 6:57

yes but how do i specify this globally? the module which constructs the selenium interface doesn't know anything about what pages it will be viewed with! – Zela 29/2 at 13:43

@Michael, but you know the website you are working with Selenium. In my case, I have a webdriver factory that accepts browser name, list of args, and list of prefs. So the module that constructs the selenium interface indeed doesn't know what will be passed to it. It is the responsibility of the code that asks for a driver (some 'before'/'setup' hook), and I believe that code already has some access to the test data/profile that contains a domain name of the target website(s). – Kazan 1/3 at 8:38

@Kazan In my case I have a private class C IP address that VMs can be instantiated in. In some cases the tests should connect to more than one machines, for instance to compare outputs in real time. I haven't yet looked at Selenium's capability of opening multiple windows and tabs and distinguishing between them but the abstraction assumes it's possible and thus doesn't concern itself with a specific IP. It can for the moment as a temporary workaround... – Zela 1/3 at 17:45

@Michael: To fix for all domains, I used the argument --disable-features=InsecureDownloadWarnings. This will probably also be a bit more stable in future as I believe --unsafely-treat-insecure-origin-as-secure= is an experimental flag. – Holter 5/3 at 11:21

@Jona: Want to add this to your answer (and maybe tidy) so both solutions are easy for any users to find? Happy to edit the answer or create a new one if people prefer that. – Holter 5/3 at 11:22

@Akaoni: Thank you for providing the alternative solution using --disable-features=InsecureDownloadWarnings. And yes please! if you can go ahead and edit the solution I'll go ahead and accept the changes. Thanks. – Preliminary 7/3 at 5:51

Don't forget to escape '=' when using it in Robot framework. Call Method ${chrome_options} add_argument --disable-features\=InsecureDownloadWarnings – Beseech 29/3 at 14:3

If you have to access content from multiple domains, please try using like below , worked for me.

chrome_options.add_argument("--unsafely-treat-insecure-origin-as-secure=http://exampleDomain1.com, http://exampleDomain2.com")

you can make it dynamic as well

options.addArguments("--unsafely-treat-insecure-origin-as-secure=" + insecureOriginDominURL);

Mindoro answered 28/2 at 6:0 Comment(0)

Had the same issue but in C#, glad that I'm not the only one. I cannot upvote the answer from Jona but you have my deepest gratitude.

Weiland answered 1/3 at 8:14 Comment(3)

Can you share what you used on C#? – Benzocaine 1/3 at 17:39

@Benzocaine I used this argument --unsafely-treat-insecure-origin-as-secure=<mydomain> For the code: ` var chromeOptions = new ChromeOptions(); chromeOptions.AddUserProfilePreference("download.default_directory", downloadDirectory); chromeOptions.AddUserProfilePreference("download.prompt_for_download", false); chromeOptions.AddUserProfilePreference("disable-popup-blocking", true); chromeOptions.AddArgument("--unsafely-treat-insecure-origin-as-secure=http://" + <yourDomain>); ` – Weiland 4/3 at 8:52

Thanks! My issue was that I was not using "www" in the domain set in the argument. – Benzocaine 4/3 at 13:3

For people stumbling upon this issue AGAIN with Chrome 124

With 122, I used

chromeOptions.addArguments("--disable-features=InsecureDownloadWarnings");

and this did suffice.

Adding the other argument mentioned in the answer helped me to fix the problem occurring once again in Chrome 124:

chromeOptions.addArguments("--unsafely-treat-insecure-origin-as-secure=http://my-download-origin:1234");

Hope it helps!

Kudos to the original answer!

Pablopabon answered 30/4 at 11:44 Comment(0)

For selenium with java:

ChromeOptions options = new ChromeOptions(); options.addArguments("--allow-running-insecure-content"); options.addArguments("--unsafely-treat-insecure-origin-as-secure=https://www.example.com"); options.addArguments("--ignore-certificate-errors"); options.addArguments("--allow-insecure-localhost"); options.setAcceptInsecureCerts(true); options.setCapability(CapabilityType.ACCEPT_INSECURE_CERTS, true);

    if (browser.equals("Firefox")) {
        WebDriverManager.firefoxdriver().setup();

        driver = new FirefoxDriver();
    } else if (browser.equals("Chrome")) {
        WebDriverManager.chromedriver().setup();

        driver = new ChromeDriver(options);
    } else if (browser.equals("Edge")) {
        WebDriverManager.edgedriver().setup();

        driver = new EdgeDriver();

    }

Selhorst answered 4/6 at 16:32 Comment(2)

Please edit your answer so that the code is correctly formatted. Thanks – Talipes 4/6 at 23:39

None of these options are working in chrome v125. i am doing research on finding out the solution. but anyone finds please post it here – Despairing 5/6 at 18:25

Recommended topics

Hot tags