I have a couple of sites that use SSL for checkout etc but not for normal pages. I have noticed that in some circumstance Chrome reports secure pages (ie login through checkout) as having mixed secure and insecure content. When I look at the page source however everything is https. Firefox etc are fine and don’t complain, it just seems to be Chrome (I’m using Chrome 16).
The scenario to replicate this is as follows:
Add something to the basket.
Go to the homepage but use https://domain.com thus forcing the page to go secure
I get mixed content warnings and can see css/js is in deed insecure - not worried about this as you should not be under SSL
Now go to checkout. Chrome still moans about mixed content but when you look at the page source all seems to be under https
I’ve replicated this in 1.4.2 and 1.6.1 so it doesn’t seem to be version specific.
Personally I don’t think it’s Magento itself but something dodgy in Chrome but wondered if anyone else has experienced this either on Magento or any other sites.
I have also seen a Magento site where if you go to the homepage under https all elements render as https so the issue doesn’t manifest.
Do you use the CSS compiler? Please check your merged CSS file if there are urls to images which are using http.
Also try to refresh the css cache.
Some further digging around on this came up with the issue of it happening only on CMS pages by the looks of things so I have rewritten the cms controllers so they force a redirect to http if they are requested as https. We only ever want these to be http so this seems sensible.
Not sure if this would be the same on a stock install of Magento. We have our own block cache module and various others that may have caused this so I’ll check with a vanilla install.
We don’t use the css minifyer etc so not that but thanks for the info.