Since yesterday, I had mixed content errors on my website in both Chrome and IE. The error is caused by the Google Translate script included in the header:
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
I downloaded the element.js file and eventually found out where the error was coming from:
var s = window.location.protocol == 'https' ? 'https' : 'http';
Using (any) browser console, we see that the expression "window.location.protocol" returns "https:" (and not "http") on all secure websites. Thus, the script is trying to load a bunch of the necessary CSS / JavaScript resources, prefixing their URL with "http" instead of "https".
This leads to the following errors (one per resource):
The page at https://mysite.com ran insecure content from http://translate.googleapis.com/[something].css
The Google Translate tool is really useful for my users, so I can’t delete it. In addition, I tried to load the script and run it locally, but it does not work. I spent a lot of time on this problem, am I the only one in this situation or has something recently changed in the Google Translate script?
[EDIT]
I just took a look at the Google Analytics code and found that:
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www');
This reinforces the idea that the Google Translate script should also test "https:".
source share