I have a domain parked at Cloudflare and am forwarding it to a Google Site via a ghs.googlehosted.com CNAME.

When I load the Google Site directly, SSL is OK. However when loading through the Cloudflare domain, there is a mixed content error. It is from http://cgi.gstatic.com where Google Sites store graphics. Don’t know why the error is only when the Google site is accessed through the Cloudflare forwarded domain.

Do you have Automatic HTTPS Rewrites enabled in the SSL/TLS app?

Yes, Auto Rewrites is enabled.
Also, Always Use HTTPS.

Yep, mixed content

jot_min_view__en.js:131 Mixed Content: The page at 'https://www.avpusaconference.org/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.avpusaconference.org/_/tz?jot.xtok=undefined&afjstz=lg1E0r1g1A4r2g1E0r2g1A4r8'. This request has been blocked; the content must be served over HTTPS.

Appears to be related to a script, which won’t be altered by HTTPS rewrites; you need to edit the JavaScript. The resource is available via https:

Thanks for the investigation!

However, I don’t think I can edit anything. Avpusaconference.org is forwarded to a Google Site: https://sites.google.com/a/avpusa.org/annual-gathering-2020/. I can’t edit Google’s script.

I’m also still confused why the Google.com site is fine, but forwarding breaks the resource.

For some reason, the link(s) on the page are set to http:// and are served via a JavaScript file, something CF can’t rewrite the URLs for. This link needs to somehow be changed to https://, or the header upgrade-insecure-requests needs to be set to 1.

Might be related to the “SSL Mode” you have set (likely Flexible) - you could try temporarily changing it to Full or Full Strict to see if that gets Google to serve https links instead of http.
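An added example, not part of any post in this thread: a small triage script for browser "Mixed Content" console messages such as the one quoted above. It reports whether the request was blocked, whether it targets the page's own host, and whether it was issued from a script file. The function names are hypothetical, the second sample line is constructed, and treating a `.js` source prefix as "URL built by script" is a heuristic assumption.

```javascript
// Added example (not from the thread). Line 1 is the console message quoted
// in the thread; line 2 is constructed to show the non-blocking variant.
const SAMPLE_CONSOLE = [
  "jot_min_view__en.js:131 Mixed Content: The page at 'https://www.avpusaconference.org/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.avpusaconference.org/_/tz?jot.xtok=undefined&afjstz=lg1E0r1g1A4r2g1E0r2g1A4r8'. This request has been blocked; the content must be served over HTTPS.",
  "(index):40 Mixed Content: The page at 'https://www.example.org/' was loaded over HTTPS, but requested an insecure image 'http://static.example.net/logo.png'. This content should also be served over HTTPS.",
];

// Optional "file:line" prefix, page URL, resource kind, resource URL, outcome text.
const MIXED_RE = /^(?:(\S+):(\d+)\s+)?Mixed Content: The page at '([^']+)' was loaded over HTTPS, but requested an insecure (.+?) '([^']+)'\. (.*)$/;

function parseMixedContent(line) {
  const m = MIXED_RE.exec(line);
  if (!m) return null; // not a mixed-content message
  const [, source, srcLine, pageUrl, kind, resourceUrl, outcome] = m;
  const page = new URL(pageUrl);
  const resource = new URL(resourceUrl);
  // Same URL with the scheme switched, to verify by hand that HTTPS is served.
  const httpsCandidate = new URL(resourceUrl);
  httpsCandidate.protocol = "https:";
  return {
    source: source || null,
    srcLine: srcLine ? Number(srcLine) : null,
    kind,
    blocked: /has been blocked/.test(outcome),
    sameHost: page.hostname === resource.hostname,
    // Heuristic (assumption): a .js source means the request was made by script.
    issuedByScript: Boolean(source && /\.js$/.test(source)),
    httpsCandidate: httpsCandidate.href,
  };
}

function triage(lines) {
  return lines.map(parseMixedContent).filter(Boolean).map((f) => ({
    ...f,
    note: f.issuedByScript
      ? "URL is assembled by JavaScript at run time; rewriting http:// links in the HTML response does not change it"
      : "URL is probably in the page markup, where HTML link rewriting can apply",
  }));
}

const findings = triage(SAMPLE_CONSOLE);
console.log(JSON.stringify(findings, null, 2));
```

For the message from the thread, the output shows a blocked, same-host request issued from a script file, which matches the explanation that the rewrite feature cannot reach it.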

