requested an insecure form action - Chrome

I am experiencing an issue with Chrome only. A partner is using an IFRAME to hit our SSO endpoint. When this happens, the IFRAME’s content becomes:

<form method=“post” action=“”>">

<input type=“hidden” name=“RelayState” value=“”>">

NOTE: I have removed the SAML Response Value, but it is a valid response.
Then, chrome generates the following error:
send?sp=KDS-QA&SAMLRequest=[Valid Request Data] Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure form action ‘’. This request has been blocked; the content must be served over HTTPS.

I cannot figure out where the unsecured version of the login request is coming from. To be sure, it is not in the code-base as I’ve searched it, and I do not see it in the host application’s code when I inspect the code that I can see.

Any suggestions are welcomed.


I’m not sure. I suggest using Chrome browser developer tools (F12) to capture the network traffic to see what’s happening. Let me know what you find.