Mixed Content: This request has been blocked; the content must be served

Hi,

moved our app from htdocs/sub-folder to /htdocs (linux server)

now receiving:
Mixed Content: The page at ‘https://domain.ca//login’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://fonts.googleapis.com/css?family=Varela’. This request has been blocked; the content must be served over HTTPS.

is there a php CSP entry syntax for this item

or can this be added:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> 

I added:
Header always set Content-Security-Policy “upgrade-insecure-requests;”
to the .htaccess file, but it still blocks the site from loading

thanks,

The error message said you tried to load your stylesheet by http:// (not by https://), it should not be related CSP. You better find where you added your stylesheet and load it by https:// instead, i.e. https://fonts.googleapis.com/css?family=Varela.