Chrome to Force Usage of HTTPS for Google Services

In a move to strengthen security, Google Chrome will soon force HTTPS protocol for all Google services. This change has been added to Chromium for now, and we should see this in action on Chrome dev channel very soon.

There will not be any visible change for users with this change though. From the commit log:

Force usage of HTTPS for Google services.

This is effectively a revert of http://crrev.com/136205 , switching back to
searchdomaincheck “format=domain” from “format=url”, but this time using HTTPS
instead of HTTP. Note that in general this should have no visible effect, since
for Chrome 25+ searchdomaincheck is supposed to be sending “https…” URLs
anyway. The only difference is that, if searchdomaincheck is never accessed,
the “out of the box” default value for the Google homepage switches from
“http://www.google.com/” to “https://www.google.com/”.

This shouldn’t cause any additional bustage to existing users, since Google
search over HTTP will just redirect to HTTPS anyway, so anyone whose network
doesn’t support HTTPS accesses is already seeing broken behavior. (For the same
reason, this means even the “out of the box default” change noted above
shouldn’t really be visible to end users.)

It’s still possible for users to “downgrade” Google searches to HTTP using the
nosslsearch mechanism, but that’s not in scope for Chrome to address.

Not exciting, but reassuring for sure!

Leave a Reply

Your email address will not be published.