SSL: Why does Chrome report mixed content? (Drupal 6)

Question

I\'ve just got a site running nicely with the whole site running through SSL, but Google Chrome is throwing a \"This page contains some insecure elements\" message, which is

Answer 1

Search the source for http:? Something like <Ctrl-U> <Ctrl-F> http: in firefox should do.

The insecure element is something loaded over insecure — non-https — connection, e.g. image, stylesheet, etc. you obviously need fully qualified URL to load insecure element/

Answer 2

I just had a similar problem. Turns out it was a hardcoded background image URL in a CSS file.

You should particularly check any 3rd party stylesheets you are using, as they may hotlink to an image on another server.

Easy solution? Save those images to your server and change the URLs to relative paths in the CSS file.

Hope this helps!

Answer 3

It's probably related to this bug:

http://code.google.com/p/chromium/issues/detail?id=24152

Which is why a restart fixed it.

Answer 4

In Chrome, this is trivial. Hit ctrl+shift+j to open the developer tools, and it will plainly list the URL of the insecure content.

Try it on https://www.fiddler2.com/test/securepageinsecureimage.htm, for instance.

Answer 5

Use Firebug plugin of Firefox. In the NET tab all file locations are shown clearly. Try to find any files that are obtained from http protocol.

Answer 6

It could be a browser issue? Have you tried restarting, or clearing all of your cache?