Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Chrome not honoring https in relative URLs

Tags:

google-chrome

ssl

I having a site that loads perfectly fine in Firefox and IE, but is being blocked by Chrome. Chrome is complaining about mixed mode content, however all resources are accessed by relative URLs within the same domain.

From my understanding, a relative URL should use the same protocol as the "main" page that is being loaded. That being the case I have the following:

<link href="/assets/css/small.css" title="Small" rel="alternate stylesheet" type="text/css" />
<link href="/assets/css/large.css" title="Large" rel="alternate stylesheet" type="text/css" />

Both are Relative URLs. When the page is loaded via HTTPS I get the following from the Chrome Console (I change the domain name for my client's privacy):


    [blocked] The page at https://www.example.com/Login/ ran insecure
    content from http://www.example.com/assets/css/small.css. 

    [blocked] The page at https://www.example.com/Login/ ran insecure content from
    http://www.example.com/assets/css/large.css.

Am I wrong in the assumption that relative URLs should honor the requested protocol?

UPDATE: It is also blocking .js files referenced the same way:

<script src="/assets/scripts/change-text-size.js" type="text/javascript"></script>

is being blocked:

[blocked] The page at https://www.example.com/Login/ ran insecure content from http://www.example.com/assets/scripts/change-text-size.js.

Another weird thing is that if I do view-source on the page that is having the issue, I see the relative url and if I hover the cursor over the "link" to the asset (stylesheet, .js file) the tooltip DOES say it is https:.

Update 2: There is nothing referenced in the .css file. Here is the entire contents of the "small.css" file mentioned above:

div#content-wrap,
div#content-one-col
{
    font-size: 65%;
}
like image 447
cmattix Avatar asked Oct 17 '12 14:10

cmattix

1 Answers

In your public example, the static assets are redirecting to the http version, causing Chrome to complain.

Eg if you go to https://www.bayerglucofacts.com/assets/css/de-de.css - you get a 302 redirect to http://www.bayerglucofacts.com/assets/css/de-de.css which gives the error.

like image 197
ScottR Avatar answered Sep 22 '22 20:09

ScottR
Sign in to Comment

Related questions

On Chrome background images set with CSS custom properties flicker when inside an anchor tag
How to implement scroll restoration for React Router SPA
How to debug css inside different media queries with Firebug and Chrome Developer tools?
How to change the display format of the automatic datepicker in html5
Open a chrome extension through Selenium WebDriver using Python
Memory leak detected in Chrome Custom Tabs
Why does Chrome use Http/1.1 instead of H2 for some resources
Web Push notifications on Chrome for Android: Do I need a third party service like GCM or SNS?
Complex SVG has bad performance in Chrome
Audio playback halts/stops on Chrome 64
How to fix black screen on Google Chrome mobile load page
How to set Chrome's user script version number
Facebook login hangs at "XD Proxy" when page is installed via Chrome Web Store
Chrome : websocket connection not closed when browser closed
Majority time is idle when loading a webpage
How can I establish a secure connection to a websocket on localhost?
Url query string in fetch api in javascript
Google Chrome Console doesn't auto scroll down
Contiguous █ character produces colored line in HTML
input file onchange event not being fired in chrome

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!