Service Announcement from Salesforce as of November 20, 2020:
We recently notified you that Google began to roll out gradual changes to the Google Chrome browser to block mixed-content rendering and mixed-content downloads. Starting in January 2021, Google will begin to block HTTP file (images, docs, pdf) downloads from an HTTPS site by default.
What is impacted?
This may affect your end users’ ability to access non-HTTPS downloads or images started on secure pages within Salesforce.
- Images
If a user is viewing a secure webpage (HTTPS), and if any of the content displayed as part of the webpage is hosted on a non-secure link (HTTP), then the content (for example, image or video) will be displayed as a broken image. - Downloads
If a user is viewing a secure webpage (HTTPS), if there is a download link or attachment in the webpage, and if the corresponding content is hosted on a non-secure site (HTTP or FTP only), then clicking on the link will result in error.
What action can I take?
To avoid mixed content, broken images or failed downloads, you can choose not to upgrade Chrome at this time, use an alternate browser that allows mixed content, rollback to a previous version of Google Chrome, or enable the Google Chrome mixed content flag.
To enable the Google Chrome mixed content flag within Chrome:
Click on the padlock icon in the URL bar → Click on Site Settings → Find the Insecure Content dropdown. Then use the dropdown list to change Block (default) to Allow.
Note that Google has not announced how long this functionality will be available.