On HTTPS site, there is the following console message:

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato|Inconsolata|Merriweather:400,400italic,700,700italic&subset=latin,latin-ext'. This request has been blocked; the content must be served over HTTPS.

Error is caused by loading google font via insecure protocol. We need to change http://fonts.googleapis.com/ to //fonts.googleapis.com/. So it will load in secure protocol on HTTPS.

I will provide the patch file later.

CommentFileSizeAuthor
#2 2747467-1.patch616 bytessuryanto
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

suryanto created an issue. See original summary.

suryanto’s picture

FileSize
616 bytes

Here is the patch file. It should fix HTTPS mixed content issue.

bryanbraun’s picture

Awesome. Thanks for reporting the issue and submitting the patch. The change looks good to me. I don't have time tonight but I'll plan to commit this at my next available opportunity.

bryanbraun’s picture

I just remembered a post I once read calling protocol relative an anti-pattern: http://www.paulirish.com/2010/the-protocol-relative-url/

Changing it to https://, as recommended in the post should solve the mixed content issue, so I'll go ahead with that approach.

  • bryanbraun committed 3981cd7 on 8.x-2.x authored by suryanto
    Issue #2747467 by suryanto, bryanbraun: HTTPS Mixed Content issue
    

  • bryanbraun committed b3475da on 7.x-2.x authored by suryanto
    Issue #2747467 by suryanto, bryanbraun: HTTPS Mixed Content issue
    
bryanbraun’s picture

Status: Active » Closed (fixed)

Committed fixes to 7.x-2.x and 8.x-2.x. Thanks for the help!

doktorrr’s picture

How to apply this patch? I get error: No such file or directory