SOLVED

Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Go to solution

Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

We've noticed in the last couple of days that Chrome is flagging our ics file downloads as insecure:

Calendar File Error.png

 

We're getting this information form the Chrome help center:https://support.google.com/chrome/answer/6261569?p=mixed_content_downloads&visit_id=6374148310767774... 

 

These files are linked from our event confirmation emails and utilize the calendar file tokens within the event programs.

 

It's my understanding that Chrome are releasing updates to flag certain file types. 

Is anyone else seeing this issue with their calendar files and know of a way around it or a way to resolve? The file is still functional if you select 'keep' but it doesn't look very professional to have your files flagged as a potential virus!

 

Thanks in advance for any advice.

1 ACCEPTED SOLUTION

Accepted Solutions
Level 10 - Community Moderator

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

That's not a secure download, since it redirects to  the insecure

 

http://your.fitch.group/rs/732-CKH-767/58231/Virtual+Roundtable+INSERT+WEBINAR+TITLE.ics  

 

The initial connection being https: doesn't matter if the next request is http:.

 

 

View solution in original post

9 REPLIES 9
Level 10 - Community Moderator

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

If you don't have SSL on your LP domain, this warning is unavoidable (because it's a plain http:// link).

Level 1

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Hi Sanford, 

I work with @Laura_Starkie and have looked over this with her.  

 

We do use https:// for nearly all of our sites, including the ICS file downloads.  

  Example: https://goto.fitchratings.com/I0g1dCE0PNGVC43s0a0KH07

 

 

Level 10 - Community Moderator

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

That's not a secure download, since it redirects to  the insecure

 

http://your.fitch.group/rs/732-CKH-767/58231/Virtual+Roundtable+INSERT+WEBINAR+TITLE.ics  

 

The initial connection being https: doesn't matter if the next request is http:.

 

 

View solution in original post

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Thanks for your help @SanfordWhiteman. Following your suggestion,  I am looking into this with Marketo support.

 

Laura

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Hi Laura, did this get fixed?  We are experiencing the same problem and it is blocking the ics file from being downloaded in Outlook.  Am trying with Marketo Support but getting messaging service.

Level 10 - Community Moderator

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

If you don't have SSL on your LP domain, that's the reason. Not so much a problem as an inevitability!

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Hi @Michelle_Wolle1 ,

 

No resolve yet. I am having an ongoing discussion with Marketo support who are working on a patch and also our internal IT team (per Marketo's advice) to see if they can do anything to help. As soon as we have a solution for this I will be sure to post an update.


Laura

Tags (1)
Level 10 - Community Moderator

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Your internal IT team would only be able to help if they put up a new reverse proxy server, running SSL, through which those ICS files could be downloaded from your Marketo LP domain.

 

That's a huge ask if they're not spinning up proxies regularly. And, unfortunately, it isn't even guaranteed to work under load, since Marketo uses CloudFlare now and CF can be sensitive to too many hits from the same source.

Re: Chrome is flagging our ics downloads as dangerous. How do we stop getting flagged?

Hi @Michelle_Wolle1 ,

 

Yes, this issue was resolved over the last week. 

 

Per @SanfordWhiteman's previous post, when the calendar file was downloaded it was generating as http whilst the instance tracking link was secure. Due to Chrome's new browser behaviour it was causing a mixed-content error and therefore not directing to the target calendar file.

 

I have been advised that a fix has been released which ensures the calendar file gets downloaded by rendering the ICS files as HTTPS.

 

I have tested this this week and all seems to be working for us now.