Google Web Fonts on HTTPS pages on Chrome

Question

I'm working on an ecommmerce project. Parts of the site are HTTP by default. Others, such as the checkout page, are HTTPS by default. On the HTTPS pages I'm getting this message on the console on Chrome:

[blocked] The page at https://store-ws3q9h.mybigcommerce.com/checkout.php?tk=c99fa39e007db6376dcddaac68695c22 ran insecure content from http://fonts.googleapis.com/css?family=PT+Sans. 
[blocked] The page at https://store-ws3q9h.mybigcommerce.com/checkout.php?tk=c99fa39e007db6376dcddaac68695c22 ran insecure content from http://fonts.googleapis.com/css?family=Open+Sans:400italic,400,300,700.
[blocked] The page at https://store-ws3q9h.mybigcommerce.com/checkout.php?tk=c99fa39e007db6376dcddaac68695c22 ran insecure content from http://fonts.googleapis.com/css?family=Patua+One.

The fonts are linked on the document head in this way:

<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400italic,400,300,700' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Patua+One' rel='stylesheet' type='text/css'>

It looks ok on other browsers I have tested so far.

Answer 1

Create a schema agnostic url

Change http://fonts.google... to //fonts.google...

Drop the http: or https: from the front, the browser will use whichever schema you're currently using on the site.

You may request resources using https from http, but not the other way round. An alternative to the above solution (and probably best practice) is to just always use https if it's available (which it must be if you're using this style of link, otherwise there no point in it anyway).

Answer 2

Remove the protocol from your URL and let the browser determine it:

<link href="//fonts.googleapis.com/css?family=PT+Sans" ...

If your page is HTTPS, the font will be loaded from the HTTPS URL. If the page is HTTP, it'll be loaded from the HTTP URL.