Last modified: 2014-03-10 17:45:32 UTC
When I access the Wikimedia blog on https, I get a warning on chrome that it contains unsecured elements, which means the site isn't completely secure. They need to be found and made secure.
One is the information button of "For versions in other languages, please check the wiki version of this report, or add your own translation there!", and another is "‘Tofu’ Detection". Both are from blog content instead of the software.
Take a look at the pictures, looking at my console I getting, The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but displayed insecure content from 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow-Diagram.png': this content should also be loaded over HTTPS. blog.wikimedia.org/:1 The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but displayed insecure content from 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow-Diagram.png': this content should also be loaded over HTTPS. blog.wikimedia.org/:177 The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but displayed insecure content from 'http://upload.wikimedia.org/wikipedia/commons/thumb/3/35/Information_icon.svg/32px-Information_icon.svg.png': this content should also be loaded over HTTPS. It's the images that are causing the warnings, they should be loaded with https, not http.
(In reply to Techman224 from comment #2) > Take a look at the pictures, looking at my console I getting, > > The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but > displayed insecure content from > 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow- > Diagram.png': this content should also be loaded over HTTPS. > blog.wikimedia.org/:1 > > The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but > displayed insecure content from > 'http://upload.wikimedia.org/wikipedia/commons/7/7d/ULS-WebFonts-Workflow- > Diagram.png': this content should also be loaded over HTTPS. > blog.wikimedia.org/:177 > > The page at 'https://blog.wikimedia.org/' was loaded over HTTPS, but > displayed insecure content from > 'http://upload.wikimedia.org/wikipedia/commons/thumb/3/35/Information_icon. > svg/32px-Information_icon.svg.png': this content should also be loaded over > HTTPS. > > It's the images that are causing the warnings, they should be loaded with > https, not http. This is like what happens when a sysop puts importScriptURI("http://bits.wikimedia.org/...") in MediaWiki:Common.js. There's nothing that can be done from developer or sysadmin side. Ask blog post writers to fix them.