[Fix] File Not Downloaded: Potential Security Risk Error Message in Firefox
Starting from version 93.0, Mozilla Firefox web browser automatically blocks downloads from insecure websites. If you try to download a file from an insecure web page, Firefox built-in Download Manager fails to download the file and displays following error message:
File not downloaded: Potential security risk.
The file uses an insecure connection. It may be corrupted or tempered with during the download process.
Advertisement
You can search for an alternate download source or try again later.
If you click on the error message, Firefox opens the message in details. There are 2 buttons given on the error message box: Allow Download and Remove File. It you click on “Allow Download” button, the file is downloaded by Firefox. If you click on “Remove File” button which is the default selection, Firefox doesn’t download the file.
Following screenshot shows the error message showing in Firefox browser while downloading a file over insecure connection:
In this article, we’ll tell you why does this error message or problem occur in Firefox, how to disable this behavior and error message and most important should you allow downloads on insecure connections in Firefox?
It’s a security enhancement or improvement implemented in Firefox browser. The same feature was already available in other popular Chromium-based browsers such as Google Chrome, Microsoft Edge since a few months and now Mozilla has also enabled the feature in Firefox.
Insecure connection means old HTTP connection which can expose security risk as the data is transferred in unprotected form and can be viewed or modified by man in the middle. On the other hand, if you download a file from secure HTTPS connection, it’s encrypted and secured and doesn’t cause security risks.
Advertisement
That’s why Firefox and other web browsers don’t allow users downloading files from insecure HTTP websites. These browsers block or restrict users from downloading files if they detect an insecure connection to prevent users from security threats.
Although it’s a good security feature but some people might want to disable this security feature. Consider following situation: A user regularly downloads files from a website and he knows that the website is genuine and uses secure HTTPS connection but the files available on the website are provided by insecure HTTP connection which causes mixed content issue. Now Firefox starts blocking downloads and each time the user tries to download the file, Firefox shows warning box. It might become annoying to the user and hence he might want to turn off this security feature.
Fortunately, Firefox allows users to disable this security feature by modifying a hidden preference/flag.
We’ll not recommend allowing downloads from insecure connection but if you want to download files from a known website and want to get rid of the annoying warning box, following steps will help you:
1. Open Firefox and type about:config in the address bar and press Enter. It’ll show you a warning message, click on “Accept the Risk and Continue” button. It’ll open Firefox’s hidden secret advanced configuration page i.e. about:config page.
2. Now type block_download in Search filter box and look for following preference in the window:
dom.block_download_insecure
The preference value is set to true by default, which means downloading over insecure connection is disabled in your Firefox browser.
3. To allow downloads over insecure connection, double-click on the preference and set its value to false. Alternatively, you can click on the Toggle icon given next to the preference name.
That’s it. It’ll immediately disable new security feature and Firefox will no longer block downloads via insecure websites.
PS: In future, if you decide to restore default security behavior and block downloads over insecure connection in Firefox, set above mentioned preference/flag to true again.
NOTE: The other preference “dom.block_download_in_sandboxed_iframes” available on about:config page in Firefox is another security feature which blocks downloads in sandboxed iframes.
BONUS TIP:
There was a similar preference/flag available in Google Chrome web browser to allow downloads from insecure connections but Chrome team removed the preference in newer versions. If you are using an older version of Chrome and want to allow downloads over insecure connection, you can modify chrome://flags/#treat-unsafe-downloads-as-active-content flag.
Also Check:
[Tip] How to Always Show “Downloads” Button in Mozilla Firefox Toolbar
[Tip] Restore Old Classic Theme and UI in Firefox 89 and Later Versions
VG, what would we do without him.
File Not Downloaded: Potential Security Risk Error Message in Firefox
On or off? Why not allow exceptions?
Funny thing is I use firefox because its different, not because its trying to be edge or chrome. Stop doing stupid things. We all know the next thing you will do is remove the flag so we are stuck with it. You have already made it so firefox doesn’t support most of my config pages. If I loose the benefits of using firefox I might as well go to another browser.
I tried this and it didn’t work. I still get the message “File Not Downloaded: Potential Security Risk”. I was downloading a PDF file from Lowes.com when I got the message.
In About:Config I changed the value of “dom.block_download_insecure” to false, and restarted Firefox, but Firefox still blocks the download.