Google is rolling back SameSite Cookie changes temporarily

Google introduced the new SameSite cookie policy in Chrome 80 Stable which it released in February 2020 to the public. The policy implements changes to the handling of cookies that the company announced in May 2019 for the first time.

Basically, what SameSite does is limit cookie access to first-party access by default. Web developers get options to change the handling by explicitly marking cookies for access in third-party contexts. Third-party cookies will only be sent over HTTPS connections in that case to further improve privacy and security.

chrome samesite cookies

Google published an announcement on the Chromium website on Friday in which it revealed that it made the decision to roll back the SameSite cookie changes in Chrome. The company started to implement the changes in February with the release of Chrome 80. According to Google’s announcement, the rollback is necessary because of “extraordinary global circumstances due to Covid-19”. Google wants to make sure that websites that provide essential services function as designed and that is why SameSite is rolled back and put on hold for the time being.

However in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today. While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time. As we roll back enforcement, organizations, users and sites should see no disruption.

Developers should monitor the Same Site updates page on the Chromium website as well as the Chromium blog for announcements on when SameSite is going to be introduced in Chrome again.

Google announced other Chrome-related changes recently. The company postponed releases, decided to focus on security improvements only, and plans to skip Chrome 82 entirely but release Chrome 83 early because of the Coronavirus pandemic.

Mozilla, maker of Firefox, had to rollback a change in Firefox as well because of the current global situation. The organization decided to re-enable TLS 1.0 and 1.1 in the Firefox web browser due to (some) government sites still requiring the aging protocols and Google postponing the change in the company’s Chrome web browser. Microsoft postponed the disabling of TLS 1.0 and 1.1 in the company’s browsers to the second half of 2020 as well.

Thank you for being a Ghacks reader. The post Google is rolling back SameSite Cookie changes temporarily appeared first on gHacks Technology News.

Chrome 81: mixed content images will be upgraded or blocked

Google announced in late 2019 that it will change how the company’s Chrome web browser handles mixed content. Mixed content refers to insecure content being loaded on secure sites; a basic example is a site that is accessible via HTTPS but loads some elements, e.g. images or scripts, from an insecure source, e.g. HTTP.  One of the main issues with insecure content is that insecure content can be manipulated.

Tip: if you want to find out how your browser handles mixed content, load this mixed content test page to find out about it. You may need to open the Developer Tools (using F12) and open the Console to see if audio, video, and image content was upgraded by the browser automatically.

chrome mixed content

The Chrome browser blocks dynamic content, e.g. iFrame or script content, already if it is loaded from an insecure source. Insecure downloads will also be blocked in coming versions of the Chrome browser.

Google introduced new auto-upgrade and blocking functionality of mixed content in Chrome 80 which it released in February 2020. Chrome 80 attempts to upgraded audio and video content that is loaded via HTTP on HTTPS sites so that the content is also delivered using HTTPS. If that fails, the media is blocked in the browser instead.

Starting in Chrome 81, Google Chrome will do the same for images. If images are encountered on HTTPS webpages that are loaded via HTTP, Chrome will attempt to upgrade those. If that fails, Chrome will block these images so that they won’t be loaded anymore.

The Chrome Platform Status listing highlights that the change will be made in all Chrome versions (Chrome for desktop and Android, as well as Android WebView).

This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. Image mixed content autoupgrades are targeted for M81.

Chrome attempts to upgrade the elements automatically but will block them if that fails as some sites may already support serving the insecure content via HTTPS but don’t due to configuration issues or other issues. It is still likely that Chrome users may run into issues from time to time with content that is not loaded anymore once Chrome is upgraded to version 81.

Google plans to release Chrome 81 next week and skip Chrome 82 to jump directly to Chrome 83 at the end of May 2020. Please note that the change has not yet landed in recent versions of the browser and that it is possible that it will be postponed.

Thank you for being a Ghacks reader. The post Chrome 81: mixed content images will be upgraded or blocked appeared first on gHacks Technology News.

View all your tabs in one place, search, move them between windows with Tab Manager Plus for Firefox and Chrome

There are plenty of add-ons that make tab management easier in Firefox. Tab Session Manager, Foxy Tab, Tree Style Tab are some good options that come to mind.

View all your tabs in one place, search, move them between windows with Tab Manager Plus for Firefox and Chrome

Tab Manager Plus is an extension for Firefox and Chrome that lets you view all your tabs in one place, search in open tabs and move them between windows.

The add-on places an icon on the browser’s toolbar; it displays a badge that indicates the total number of tabs that are open at the time. Click the icon to view the add-on’s interface. This pop-up window contains favicons of every tab that is opened. Mouse over a favicon to view the tab’s title and URL.

Tab Manager Plus change title

Tab Manager Plus assigns a title to the window that is based on the number of tabs you have opened per site. For.e.g If you had 6 or 7 gHacks tabs open or 8-9 of GitHub, it will use gHacks and GitHub.

Mouse over the title and click on it to customize it if you prefer a different one. You may change the background color of the window from this screen as well and click on a favicon to switch to the tab instantly. There are four buttons below the tab icons for closing the window, minimizing it, setting the window color and title, and opening a new tab.

If you want to jump to a specific tab, but aren’t sure where it is, use the search box at the bottom of Tab Manager Plus’interface. It works on an as-you-type basis in real time, and highlights the tabs which match the search term. For e.g. If I type “ghacks”, the extension highlights the tabs which have the word in the url or title.

tab manager plus search demo

Right-click on a tab’s icon to select it, you can select multiple. Press enter to move tabs to a new window, or drag the icons from one window’s pane to another.

tab manager plus move tabs

The toolbar at the bottom of the add-on’s interface can be used to highlight duplicate tabs, open a new window, filter tabs that don’t match your search, or to pin the current tab. The other two options are handy for managing tabs that you have selected, they can either be discarded from the memory or closed.

Click the three-line menu button to change the view. The default view is the horizontal view, and the others are vertical view, block view and big block view. Right-click on the Tab Manager Plus icon to view a context menu. This allows you to open the add-on’s interface in its own tab which can be useful if you’re using the vertical or big block view modes.

Tab Manager Plus horizontal view
Tab Manager Plus vertical view
Tab Manager Plus block view
Tab Manager Plus big block view

The wrench icon in the top right corner opens the extension’s Options panel. You can set the maximum number of tabs per window (for e.g. 15), once it reaches the limit, new tabs will be opened in a new window. The pop-up interface’s size can be customized in terms of height and width. Not a fan of bright colors? Enable dark mode. Compact mode trims the spaces between each icon.

Tab Manager Plus dark mode

Tab Manager Plus supports some mouse and keyboard shortcuts. As mentioned earlier, right-click selects tabs, holding shift while right-clicking selects multiple tabs. Close tabs using the middle mouse button. Pressing the enter key opens a selected tab, or moves multiple tabs to a new window. You can toggle animations, window titles, and the tab counter from the add-on’s options page.

The extension has a couple of experimental features for session management. But I couldn’t get these to work in Firefox or Chrome.

Tab Manager Plus is an open source extension. This reddit post explains the origin of Tab Manager Plus. Apparently, the developer was using a similar Chrome extension which was eventually sold and then went bad. So he forked the original add-on (before it went rogue), improved it and later ported it to Firefox.

Thank you for being a Ghacks reader. The post View all your tabs in one place, search, move them between windows with Tab Manager Plus for Firefox and Chrome appeared first on gHacks Technology News.

Google implements "always show full URL" option in Google Chrome

Chromium, the open source part of the Google Chrome browser, got a new experimental flag recently that, when enabled, added a context menu option to the address bar to show the full URL of the active site. My take on the initial feature was that it was more or less worthless as it only showed the full ‘URL for that site; a reload, click on a link or the loading of a new address would return to the crippled status quo.

It appears that the Chromium developers were not finished with the implementation. If you use Chromium or Chrome Canary with the flag enabled, you will notice that it has been turned into a toggle.

A right-click on the URL in the Chrome address bar and the selection of “Always show full URLs” toggles the feature.

chrome always show full url

When enabled, Chrome will always show the full URL of the active site including the protocol that is used and the www/m part if it is used by the site. The default state is disabled and Chrome will omit the information in that case.

Google plans to roll out the feature in Chrome 83 Stable. The company announced recently that it will skip Chrome 82 due to the Coronavirus pandemic so that Chrome 83 will be the next stable version of the web browser.

Google Chrome users who run Chrome Canary (or Chromium) currently may enable the new feature in the following way:

  1. Load chrome://flags in the web browser’s address bar.
  2. Search for Context menu show full URLs or load chrome://flags/#omnibox-context-menu-show-full-urls directly.
  3. Set the status of the experimental flag to enabled.
  4. Restart the web browser.
  5. Right-click on the address in Chrome after the restart and check the “Always show full URLs” context menu option.

Chrome will display the full page address from that moment on for all visited sites.

Closing Words

Finally, an option to show the full page URL again in the Chrome web browser (without having to install a browser extension). I still think it is ridiculous that Google removed the information in first place (and that other browser makers followed). Vital information like the URL should never be manipulated in my opinion.

Now You: Full URL or just some part of it, what is your preference? (via Techdows)

Thank you for being a Ghacks reader. The post Google implements “always show full URL” option in Google Chrome appeared first on gHacks Technology News.

Chromium's "Show Url" is the most useless thing I have ever seen in a browser

Every now and then, browser makers make decisions that seem in diametrical opposition to what user’s want or expect from a browser. Granted, these companies have lots of Telemetry data that the public does not have access to, and that data may suggest to them that the change makes sense.

Google started to hide certain elements from the URL in the address bar some time ago. Particularly, Chrome hides https://, http://, and www from the URL by default and Chrome engineers stated that the information was not required by most users. For secure sites, Chrome shows a padlock icon to indicate that the site is secure but that is that.

If you visit Ghacks, you will notice that Chrome omits the “www” part of the address. While it makes no difference here on this site, it is theoretically possible that site content differs when accessing a site using www and without www.

Note: Mozilla plans to remove HTTPS and WWW from Firefox’s address bar as well.

A click in the address bar currently displays the full address. While that is better than nothing, it is cumbersome to do so. Google removed a flag in the browser some time ago that allowed users to restore the full address in the browser. Chrome users may install the company’s Suspicious Site Reporter extension or a third-party extension that restores the functionality.

Now, it appears that Google is working on another option to restore the functionality. Recent versions of Chromium, the open source core of Chrome and other Chromium-based browsers, sport a new experimental flag to add a context menu option to Chrome. What it does? It gives users the option to display the full address from the right-click context menu.

The problem? It is only active for the currently loaded site and only until a reload. Why would anyone use the context menu to display the full address if a single left-click in the address bar does the same?

chrome show url

The only explanation that I have for that is that the feature is not fully implemented yet. It could be that the option will toggle the functionality permanently or at least for the session once fully implemented. If not, it does not look as if it is a feature that could be of use to anyone using  the web browser.

The flag is only active in Chromium currently. While you see it in Chrome Canary currently, enabling it does nothing at the time of writing.

Now You: What is your take on the hiding of information in a browser’s address bar? (via Techdows)

Thank you for being a Ghacks reader. The post Chromium’s “Show Url” is the most useless thing I have ever seen in a browser appeared first on gHacks Technology News.