Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.
Salesforce is sending mixed messages about mixed content.
In response to Google’s Chrome browser blocking what’s known as “mixed content,” Salesforce recommended that users either skip the latest upgrades or roll back to earlier versions of the browser.
In a knowledge article posted to its website and sent to customers in a newsletter, Salesforce addressed the mixed content issue, which affects products like Salesforce CMS and CMS Connect. The article expands on Google’s new security plan, a phased rollout for blocking insecure downloads through mixed content links, and offers six actions that customers can take to avoid broken images or failed downloads in Chrome. Two of those actions advised users to “choose not to upgrade at this time” or “rollback to a previous version of Google Chrome,” which are unusual steps that contradict enterprise security best practices.
continue reading at techsecurity