Firebase hosting - Load scripts from unauthenticated sources

511 views Asked by At

first, I deployed a website using Firebase hosting.
then, bought a domain from Godaddy, and linked them together.

note: everthing working great so far - https etc.

But, when loading the site(with chrome) I get this error:

This page is trying to load scripts from unauthenticated sources

Example in https://saharmillis.info/

enter image description here

enter image description here

enter image description here

When pressing the "load unsafe scripts" the HTTP get cancelled.

In the console I get some errors about link by http instead of https,
but all my CSS files & scripts, located on my Firebase host locally.

2

There are 2 answers

1
Frank van Puffelen On BEST ANSWER

If you open the developer console of Chrome, you will see very explicit errors with the URLs that cause the problem:

http://fonts.gstatic.com/s/opensans/v13/PRmiXeptR36kaC0GEAetxolIZu-HDpmDIZMigmsroc4.woff2

http://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciPk_vArhqVIZ0nv9q090hN8.woff2

So your code is (directly or indirectly) loading fonts that are served over HTTP. Note that fonts.gstatic.com can serve the files over HTTPS as well. So if you find where the includes come from, you can just replace http:// with https:// to get rid of the error.

Update: a quick check shows that the URLs are in the files in your font folder. E.g. Droid+Sans.css:

/* latin */
@font-face {
  font-family: 'Droid Sans';
  font-style: normal;
  font-weight: 400;
  src: local('Droid Sans'), local('DroidSans'), url(http://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciPk_vArhqVIZ0nv9q090hN8.woff2) format('woff2');
  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
}
0
Sahar Millis On

Replaced all the
"http://" to "//"

Just in case...