0π
β
In the end the solution was to include a meta tag in the header.
'<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Source:stackexchange.com