Radio player updates for Chrome’s new mixed content restriction
So, having given the problem explained below some thought. I’ve now applied a fix to each of our station’s web based radio players, the HTML radio player code we make available freely for anyone to use on their web sites and our sample / simple HTML player code page.
What does this mean in plain English?
As of version 80 Chrome stopped allowing HTTPS (secure) web pages from including content being served over HTTP. HTTP protocol is an old and less secure version of the HTTPS protocol and the only protocol available to our SHOUTCast 2 servers. Meaning that on our radio station player pages, the radio player would appear to be greyed out in Chrome and ChromeEdge and hasn’t worked for a little while now, although not in Firefox and possibly some other web browsers as well.
Regardless this problem is now fixed. We hope this hasn’t been too much of an inconvenience and thank you for your patience!
Some background on the problem…
Google Chrome already blocks some types of “mixed content” on the web. Now, Google announced it’s getting even more serious: Starting in early 2020, Chrome will block all mixed content by default, breaking some existing web pages. Here’s what that means.
What Is Mixed Content?
There are two types of content here: Content delivered over a secure, encrypted HTTPS connection, and content delivered over an unencrypted HTTP connection. When you use HTTPS, content can’t be snooped on or tampered with in transit, which is why it’s critical websites offer encryption when dealing with financial information or private data.
The web is moving to secure HTTPS websites. If you connect to an older HTTP website without encryption, Google Chrome now warns you these websites are “not secure.” Google now even hides the “https://” indicator by default, as sites should just be secure by default. And the new HTTP/3 standard will have built-in encryption.
But some web pages can be neither entirely HTTPS nor completely HTTP. Some web pages are delivered over a secure HTTPS connection, but they pull in images, scripts, or other resources via an unencrypted HTTP connection. Such web pages have “mixed content” because they’re not fully secure. The web page itself couldn’t be tampered with, but it may pull in a script, image, or iframe (a web page inside a “frame” on another web page) that could have been tampered with.