How to Avoid the "File Can't Be Downloaded Securely" Notification on Downloads from Safe, Trusted Sites?

Question

How to Avoid the "File Can't Be Downloaded Securely" Notification on Downloads from Safe, Trusted Sites?

JuliusPIV 21

We recently noticed that when visiting one of our sites & clicking a link to download a document, the file does not immediately download and Edge displays a message stating "<FILE_NAME> can't be downloaded securely":

From there one must click the 'More actions' button (three ellipses) & select 'Keep' in order for the file to actually be downloaded.

My guess is that it may be caused by how this site offers the content:

Person visits site A
Person clicks link on site A to download a file
A new tab opens to the download file which is hosted on site B
The download is offered & the tab that was opened closes automatically
The visitor is left back at site A

My gut tells me it's the handoff from site A to site B that's creating this problem because if I copy the URL for the download being offered & paste it in a tab it download fine.

While I am not entirely clear on why this works in Internet Explorer & Chrome, I can't seem to sort out how to safely resolve this in Edge. In taking a look at the Microsoft Edge Policies document I came across two possible solutions

DownloadRestructions - I don't think this is the right approach; seems too broad
ExemptDomainFileTypePairsFromFileTypeDownloadWarnings - This seems like the most appropriate solution but even after manually creating that policy Edge still displays the prompt.

I also added the domains in question to the SmartScreenAllowListDomains but that didn't seem to help either.

Any advice is greatly appreciated.

Answer 1

XuDong Peng-MSFT 4,746 Microsoft Vendor

Hi @JuliusPIV ,

Your guess is correct. In your website, it redirects to an insecure HTTP connection to implement the download function, resulting in a mixed content download, which ultimately leads to this issue.

In order to solve this problem, you need to use the matching policy: InsecureContentAllowedForUrls. It is used to create a list of URL patterns to specify sites that can display or download insecure mixed content (HTTP content on HTTPS sites). Located under this path: Administrative Templates/Microsoft Edge/Content settings.

For more details, please refer to this docment: Learn about Microsoft Edge and mixed content downloads.

Hope this can help you.

Best regards,
Xudong Peng

If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

XuDong Peng-MSFT 4,746 Reputation points Microsoft Vendor

2021-10-19T05:25:45.26+00:00

Hi @JuliusPIV , May I know if you have got any chance to check my answer? I am glad to help if you have any other questions.
JuliusPIV 21 Reputation points

2021-10-19T22:24:39.883+00:00

Thanks again for following up! I did test this but wasn't seeing a positive change. I will retry again within the next 24 hours and post back.
JuliusPIV 21 Reputation points

2021-10-20T13:52:50.607+00:00

Good Morning @XuDong Peng-MSFT

Thanks again for your earlier reply and follow up. I can confirm that this did indeed fix the issue so thank you for that! However after making the policy change the issue persisted until I restarted Edge. Should these types of changes apply while Edge is running? Is that normal?

On that page many of the settings support "Dynamic Policy Refresh" which to me suggests that Edge will 'see' policy changes like that and apply & enforce them while Edge it's running. I could be very wrong here but I have not found any good documentation on Dynamic Policy Refresh. Can you point me to some documentation that would further explain what Dynamic Policy Refresh is, how it works etc.?

Otherwise thanks again for sorting out the original issue!
XuDong Peng-MSFT 4,746 Reputation points Microsoft Vendor

2021-10-21T06:38:04.103+00:00

Hi @JuliusPIV ,
I am glad to hear that your problem has been resolved. Regarding the question you mentioned, when you modify the group policy, you can navigate to edge://policy to see if they have been configured correctly. If not, it means that the policy has not been refreshed yet.

And regarding Dynamic Policy Refresh, after some searching, I did not find the relevant document, so I am afraid I can't explain it. I recommend that you can send feedback to the relevant team to supplement the relevant documentation on Dynamic Policy Refresh. Just press Alt+ Shift+ i to edit the content of feedback and then send. Thank for your understanding.
Braddo 41 Reputation points

2022-01-10T23:15:26.197+00:00

i have the issue
we have an application running from https site
on that i have a button which takes me to a url which is http
i get the prompt saying the file can't be downloaded
however if i paste the url for the file into the browser it works

please help

How to Avoid the "File Can't Be Downloaded Securely" Notification on Downloads from Safe, Trusted Sites?

0 additional answers

Activity