X
Popular Searches

Chrome Disables Autofill In Insecure HTTP Forms on HTTPS Sites

Starting in Chrome 86, Chrome will automatically block autofill on HTTP forms. Even if your site is secured with HTTPS, if your forms aren’t set to be HTTPS, data can still be transferred over HTTP.

The Problem, and How To Fix It

The problem lies in the fact that HTML forms can sometimes be set to HTTP endpoints, regardless of how the rest of the site is delivered. For example, you may have a perfectly secure HTTPS site, and even redirect HTTP to HTTPS:

https://www.example.com

On that site, you could have a form like the following, which takes some input and POSTs to an endpoint.

<form action="/action_page.php" method="post">
  <label for="fname">First name:</label><br>
  <input type="text" id="fname" name="fname"><br>
  <label for="lname">Last name:</label><br>
  <input type="text" id="lname" name="lname">
</form>

If your forms are done like this, with a relative link instead of a direct one, everything is fine, and the form will post to the HTTPS endpoint automatically. In this case,  https://www.example.com/action_page.php.

However, if you instead use a direct link, such as posting to a different subdomain, it’s possible to link an insecure version of your site. This form will always post to the HTTP URL, because that’s what it was told to do.

<form action="http://www.example.com/action_page.php" method="post">
  <label for="fname">First name:</label><br>
  <input type="text" id="fname" name="fname"><br>
  <label for="lname">Last name:</label><br>
  <input type="text" id="lname" name="lname">
</form>

Of course, the fix is very easy. Simple change the HTTP to HTTPS, and the form will post properly.

If you want to check your code for insecure endpoints, you can do a Control+F search for the following:

action="http://
Anthony Heddings Anthony Heddings
Anthony Heddings is the resident cloud engineer for LifeSavvy Media, a technical writer, programmer, and an expert at Amazon's AWS platform. He's written hundreds of articles for How-To Geek and CloudSavvy IT that have been read millions of times. Read Full Bio »

The above article may contain affiliate links, which help support CloudSavvy IT.