This repository has been archived by the owner on Jun 30, 2022. It is now read-only.

CSP blocks config from loading #250

Open
grimurd opened this issue Jul 1, 2019 · 1 comment

grimurd commented Jul 1, 2019

If the page's Content Security Policy is set to block-all-mixed-content, the config is not loaded, as it is loaded over HTTP even though the page and the Rocket.Chat server are using HTTPS.

@jwalker5006

I am getting the same error.

  1. RocketChat site running https and reverse proxy
  2. Live Chat set to use https
  3. But when the live chat loads, I get a partial rendering (see image), and looking at inspect I get the following error:

image

Console Error

Mixed Content: The page at 'https://www.ourdomain.com/' was loaded over HTTPS, but requested an insecure resource 'http://rc.ourdomain.com/api/v1/livechat/config?token=bunchofrandomstuff'. This request has been blocked; the content must be served over HTTPS.
(anonymous) @ VM823:formatted:44

Javascript used

        <script type="text/javascript">
            (function (w, d, s, u) {
                w.RocketChat = function (c) { w.RocketChat._.push(c) }; w.RocketChat._ = []; w.RocketChat.url = u;
                var h = d.getElementsByTagName(s)[0], j = d.createElement(s);
                j.async = true; j.src = 'https://rc.ourdomain.com/livechat/rocketchat-livechat.min.js?_=201903270000';
                h.parentNode.insertBefore(j, h);
            })(window, document, 'script', 'https://rc.ourdomain.com/livechat');
        </script>

I have been digging through the Rocket.Chat source code but cannot find out what in the code is trying to render HTTP content.
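
An added example, not part of the thread and not Rocket.Chat code: a simplified version of the browser's mixed-content decision, run over the three URLs quoted in the comments above. The function names are hypothetical, and the rule set is reduced to the request scheme plus the loopback exemption.

```javascript
// Added example. Simplified mixed-content check; function names are hypothetical.
// Hosts that browsers treat as trustworthy even over plain HTTP (reduced list).
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// True when a request from an HTTPS page would count as mixed content.
// Under block-all-mixed-content every such request is blocked, active or passive.
function isMixedContent(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return false; // insecure pages have no mixed content
  const req = new URL(requestUrl, page);        // resolves relative URLs too
  if (LOOPBACK.has(req.hostname)) return false;
  return req.protocol === 'http:' || req.protocol === 'ws:';
}

// Lists blocked requests and notes whether the same host is also reached over
// HTTPS, which points at a URL built at runtime rather than a wrong embed URL.
function auditRequests(pageUrl, requestUrls) {
  const parsed = requestUrls.map((u) => new URL(u, pageUrl));
  const httpsHosts = new Set(
    parsed.filter((u) => u.protocol === 'https:').map((u) => u.host));
  return parsed
    .filter((u) => isMixedContent(pageUrl, u.href))
    .map((u) => ({
      blocked: u.origin + u.pathname, // query string dropped: it carries a token
      sameHostAlsoLoadedOverHttps: httpsHosts.has(u.host),
    }));
}

// URLs quoted in this issue: the embed snippet's two URLs and the blocked request.
const PAGE = 'https://www.ourdomain.com/';
const REQUESTS = [
  'https://rc.ourdomain.com/livechat/rocketchat-livechat.min.js?_=201903270000',
  'https://rc.ourdomain.com/livechat',
  'http://rc.ourdomain.com/api/v1/livechat/config?token=bunchofrandomstuff',
];

console.log(auditRequests(PAGE, REQUESTS));
```

On these inputs only the config request is flagged, and its host is also fetched over HTTPS by the embed snippet, so the `http://` URL does not come from the URLs written in the page.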
