How to force loading dynamic, insecure content in Chrome?

According to this Chrome Support Q&A you can launch your Chrome with the following command line flag to prevent Chrome from checking for insecure content:

--allow-running-insecure-content

Here is some documentation on how to run Chrome with command flags

Chrome simply will not load an insecure script in a secure page.

Does your jira.js have to be loaded from a server? The best way to inject it into the page would be by including it in your extension bundle.

var s = document.createElement('script');s.src = chrome.extension.getURL("jira.js");s.onload = function() {    this.parentNode.removeChild(this);};(document.head||document.documentElement).appendChild(s);

If you must load it from a server, I suppose your extension could make a XHR request for the script, then inject the response into the page.

// make a XHR request, then...var s = document.createElement('script');s.textContent = codeFromXHR;(document.head||document.documentElement).appendChild(s);s.parentNode.removeChild(s);

I had the same problem:Our client link a CSS file and js file hosted in our server on a domain which is not secure.

We will solve it by using Amazon CloudFront. They server HTTPS using their certificates which is verified.

That's not a bad solution for use since CDN is often a good idea and these resources are somewhat static. (The CSS file is tailored for each client and is in fact generated but a sane TTL can be configured and the CDN flushed if required)

Note that the CDN solution may even be more affordable than actually buying a certificate depending on your data load.