How to Avoid the "File Can't Be Downloaded Securely" Notification on Downloads from Safe, Trusted Sites?

JuliusPIV 56 Reputation points
2021-10-11T15:50:26.173+00:00

We recently noticed that when visiting one of our sites & clicking a link to download a document, the file does not immediately download and Edge displays a message stating "<FILE_NAME> can't be downloaded securely":
139551-image.png

From there one must click the 'More actions' button (three ellipses) & select 'Keep' in order for the file to actually be downloaded.
139508-image.png

My guess is that it may be caused by how this site offers the content:

  1. Person visits site A
  2. Person clicks link on site A to download a file
  3. A new tab opens to the download file which is hosted on site B
  4. The download is offered & the tab that was opened closes automatically
  5. The visitor is left back at site A

My gut tells me it's the handoff from site A to site B that's creating this problem because if I copy the URL for the download being offered & paste it in a tab it download fine.

While I am not entirely clear on why this works in Internet Explorer & Chrome, I can't seem to sort out how to safely resolve this in Edge. In taking a look at the Microsoft Edge Policies document I came across two possible solutions

I also added the domains in question to the SmartScreenAllowListDomains but that didn't seem to help either.

Any advice is greatly appreciated.

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,107 questions
0 comments
Accepted answer
  1. XuDong Peng-MSFT 10,096 Reputation points Microsoft Vendor
    2021-10-12T08:15:22.987+00:00

    Hi @JuliusPIV ,

    Your guess is correct. In your website, it redirects to an insecure HTTP connection to implement the download function, resulting in a mixed content download, which ultimately leads to this issue.

    In order to solve this problem, you need to use the matching policy: InsecureContentAllowedForUrls. It is used to create a list of URL patterns to specify sites that can display or download insecure mixed content (HTTP content on HTTPS sites). Located under this path: Administrative Templates/Microsoft Edge/Content settings.

    For more details, please refer to this docment: Learn about Microsoft Edge and mixed content downloads.

    Hope this can help you.

    Best regards,
    Xudong Peng

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    6 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest