just noticed all the CDNs for place files, images, etc are configured the same.
They should either be upgrading requests to https:// and setting an sts header in the response so the browser knows to use https until the expiration, or rejecting requests not using https protocol entirely.
Not directly related to the mixed contents popup, but it’s similar enough to be worth mentioning here.