So in the process of moving my blog to https (thanks for the 1 year free certificate siteground) I have not been able to resolve the mixed-content warnings from Chrome using some of the Amazon Associates shopping widgets.
Even though the page is indeed coming from a https: URL, and the javascript that loads the ads widgets is loading over https: from amazon, the images for the dynamically created ad widget will only load over http URLs. This means that Chrome raises a mixed content warning, and removes the green padlock from the URL bar.
All attempts to resolve this via help channels at Amazon have so far failed.
Users have been complaining about this problem for several years now.
This is my plea for help !
Symptom
The green padlock goes away after the page loads đŚ
The Chrome browser console has several errors like this;
Mixed Content: The page at 'https://rosacea-support.org/favourite-over-the-counter-treatments.html' was loaded over HTTPS, but requested an insecure image 'http://ecx.images-amazon.com/images/I/41zNnYmDysL._AC_SL115_.jpg'. This content should also be served over HTTPS.
So here is the actual problem – the code generated by the javascript loads
http://ecx.images-amazon.com/images/I/41zNnYmDysL._AC_SL115_.jpg
instead of
https://ecx.images-amazon.com/images/I/41zNnYmDysL._AC_SL115_.jpg
Web Site Code
Here is the block of javascript that loads the widget
amzn_assoc_placement = "adunit0"; amzn_assoc_enable_interest_ads = "true"; amzn_assoc_tracking_id = "PRIVATE"; amzn_assoc_ad_mode = "auto"; amzn_assoc_ad_type = "smart"; amzn_assoc_marketplace = "amazon"; amzn_assoc_region = "US"; amzn_assoc_linkid = "6b455ae8e40389f961f7ba9651e96dae"; amzn_assoc_emphasize_categories = "51569011,2619525011,2617941011,165796011,3760911,1000,13900861,5088769011,2238192011,16310101,3760901,1055398,3367581,284507,599858,1064954,2972638011,2619533011,672123011,3375251,228013,165793011,377110011"; amzn_assoc_fallback_mode = {"type":"search","value":"rosacea"}; amzn_assoc_default_category = "All"; //z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US
You can see the script is sourced as // which means that the URL that Chrome uses to load the script will take either http or https from the browser session that the current user is loading the page with.
The widget does work, the ad block is displayed.
but at the expense of the errors and losing the reassuring green padlock.
C’mon amazon, please fix this.