Some tutorial demos do not work due to mixed content (Http/Https)

[nspaeth]

In Chrome 44, loading, eg.
https://dojotoolkit.org/documentation/tutorials/1.10/mobile/flickrview/part3/demo/flickrview.html

Fails with

Mixed Content: The page at 'https://dojotoolkit.org/documentation/tutorials/1.10/mobile/flickrview/part3/demo/flickrview.html' was loaded over HTTPS, but requested an insecure script 'http://api.flickr.com/services/feeds/photos_public.gne?tags=famous%2Cbridge…8112688646&jsoncallback=dojo_request_script_callbacks.dojo_request_script0'. This request has been blocked; the content must be served over HTTPS.

[itorrey]

@nspaeth This appears to be true but I'm wondering where the link to the https is coming from? I see on the tutorial page that the link is to http://dojotoolkit.org/documentation/tutorials/1.10/mobile/flickrview/part3/demo/flickrview.html which works correctly.

[dylans]

My guess is the link would be coming from people using a plugin that encourages the browser to use SSL whenever possible such as https://www.eff.org/https-everywhere

[carmelowoodgett]

Not sure if this is the issue but I took a quick look at the headers coming back with the page and noticed this:

I misread the headers. It's Chrome sending the following header.

"Upgrade-Insecure-Requests: 1"

https://googlechrome.github.io/samples/csp-upgrade-insecure-requests/index.html