http-loaded fonts are rejected when loading secure pages over http

    The current Kemper site design include external fonts from fonts.gstatic.com via http. Some browsers refuse to load fonts for secure pages via the unencrypted protocol and will instead use their own approximation. I suggest that the references to fonts.gstatic.com are changed to https to avoid layout issues with rejected fonts.

    Quote from MentaL

    Your browser should load them just the secure icon should say it's loading insecure elements .

    No. I'm using chrome and the current version of chrome rejects insecure fonts in secure documents. You can choose to load insecure content separately but that has to be confirmed for each page. It is strongly recommended for developers to avoid mixed content. It shouldn't take much to fix in this case as the external server that hold the fonts is already running a secure server with a valid certificate.

    Quote from heldal

    No. I'm using chrome and the current version of chrome rejects insecure fonts in secure documents. You can choose to load insecure content separately but that has to be confirmed for each page. It is strongly recommended for developers to avoid mixed content. It shouldn't take much to fix in this case as the external server that hold the fonts is already running a secure server with a valid certificate.

    Yes, easy fix.. reference ://URL as opposed to http://URL. What version of chrome are you using exactly because I don't have this issue.


    Although I do get this (because of my sig)


    /forum/index.php/Thread/31331-http-loaded-fonts-are-rejected-when-loading-s…p/?postID=338082&#post338082:541 Mixed Content: The page at 'https://www.kemper-amps.com/forum/index.php/Thread/31331-http-loaded-fonts-…-http/?postID=338082&#post338082' was loaded over HTTPS, but requested an insecure image 'http://i.imgur.com/wfKoUbx.png'. This content should also be served over HTTPS.

    Now at 54.0.2840.71 (64-bit). Latest stable version. Makes no difference.


    This is no bug. Mixed secure/insecure content is not recommended. I prefer the strict attitude from my browser.

    But your mixed content doesn't show as mixed here ? Paste the source code or something for me to review or I'll just install a vm and use whatever distro your using. . . .

    When I'm loading the main page "https://www.kemper-amps.com/" the browser is instructed to pull a lot of insecure external resources. The forum is the only part of the Kemper-site that doesn't produce lots of complaints from the browser:


    Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/IY9HZVvI1cMoAHxvl0w9LVKPGs1ZzpMvnHX-7fPOuAc.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/22JRxvfANxSmnAhzbFH8PgLUuEpTyoUstqEm5AMlJo4.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/8qcEw_nrk_5HEcCpYdJu8BTbgVql8nDJpwnrE27mub0.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/rZPI2gHXi8zxUjnybc2ZQFKPGs1ZzpMvnHX-7fPOuAc.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/MgNNr5y1C_tIEuLEmicLmwLUuEpTyoUstqEm5AMlJo4.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/XNVd6tsqi9wmKNvnh5HNEIX0hVgzZQUfRDuZrPvH3D8.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/2HG_tEPiQ4Z6795cGfdivJBw1xU1rKptJj_0jans920.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/cT2GN3KRBUX69GVJ2b2hxn-_kf6ByYO6CLYdB4HQE-Y.woff2'. This request has been blocked; the content must be served over HTTPS.
    http://www.kemper-amps.com/:1 Mixed Content: The page at 'https://www.kemper-amps.com/' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/lato/v11/1KWMyx7m-L0fkQGwYhWwuuvvDin1pK8aKteLpeZ5c0A.woff2'. This request has been blocked; the content must be served over HTTPS.

    yep... you're right.