Chrome mixed content changes
As of version 85, Google's Chrome is now blocking embedding mixed content in secure web pages and web applications served with the
http protocol. Learn more.
In this topic, you'll learn about:
- Chrome changes
- Email and landing page rendering
Mixed content refers to images that are considered insecure. They can be that way because:
- They are served with the
- They are served from a host that has an improper certificate, but the user has chosen to accept it (the certificate could be expired, or it could be for the wrong domain).
When an image is
http, Chrome will attempt to load it in
https only. If that fails, the image will be blocked. The user will see a broken icon in place of the image.
The final email and landing page rendering is not affected. Native email clients will render the insecure images without an issue on mobile and desktop devices. The three supported web mail clients (gmail, Outlook for web, and Yahoo) will automatically add a proxy URL to render the image correctly. This proxy URL is invisible to the contact. Oracle Eloqua's landing page rendering will automatically convert the image to an unbranded one when the landing page renders to a contact or visitor, showing correctly.
The best long-term solution for Eloqua users is to secure their content and application brands by acquiring a proper certificate for the domains and installing them by following the steps in Registering SSL certificates for secure microsites and branded domains.
Eloqua users can solve this problem in the editor for now by using a different browser (Edge or Firefox, which will show a warning when this occurs but will still render the image).
Users can also change Chrome's Treat risky downloads over insecure connections as active mixed content, entering chrome://flags/#treat-unsafe-downloads-as-active-content in the address bar, and setting the flag to Disabled to restore the older behavior.
Note: This option is not available after moving to Chrome 86.
Eloqua is aware that this is not possible for some companies due to IT security requirements.
The manual solution is to change the URLs of the image assets in your library from
https. This requires switching to an unbranded domain if the site has not registered a valid certificate for their branded content domain. The unbranded domain would be img##.en25.com, depending on the pod you are on. For example, if you're on pod4, it would be img04.en25.com. This can be a tedious process to try to find and replace all of them in the SRC panels of emails, landing pages, and the component library assets (email header, footer, shared content, dynamic content, and signature layout). Although the responsive editor for email and landing pages is not affected when it shows
To assist with this, Eloqua offers a Fix Images menu option in the Source Editors and the Component Library editors.
Note: Oracle Eloqua is updating to the non-branded secure option. To re-enable branding, please log in to My Oracle Support and create a service request to secure branding and use https.
To use Fix Images when in the Source Editor:
- Click Actions.
- Click Fix Images.
- Make sure to save your email, or the changes will not be permanent.
When the user selects this action, Eloqua will count the number of images it would modify and prompt the user to confirm they want to make the change. When the user selects the confirm button, Fix Images, Eloqua make the changes. If the user is in Chrome 85 or higher, they should see the change immediately. These changes still need to be saved in order to be permanent.
For example, applying to an email with the following code
This image is going to change URLS: <img src='http://my.branded.content.com/EloquaImages/clients/EMAResE10QA01POD3/%7B0944e899-4a31-4cd1-b04c-903b7460eeee%7D__thumb_280676.png' />
The result will be:
This image is going to change URLS: <img src='https://img03.en25.com/EloquaImages/clients/EMAResE10QA01POD3/%7B0944e899-4a31-4cd1-b04c-903b7460eeee%7D__thumb_280676.png' />
Images that are not recognized as being hosted by Eloqua will not be affected.
If you have certified your content domain as secure and informed Eloqua to turn on the configuration flag to provision
https links in the assets by default, this feature will insert the proper branded content domain instead of the unbranded domain. In the example above would instead be converted to:
This image is going to change URLS: <img src='https://my.branded.content.com/EloquaImages/clients/EMAResE10QA01POD3/%7B0944e899-4a31-4cd1-b04c-903b7460eeee%7D__thumb_280676.png' />