I having a site that loads perfectly fine in Firefox and IE, but is being blocked by Chrome. Chrome is complaining about mixed mode content, however all resources are accessed by relative URLs within the same domain.

From my understanding, a relative URL should use the same protocol as the "main" page that is being loaded. That being the case I have the following:

<link href="/assets/css/small.css" title="Small" rel="alternate stylesheet" type="text/css" />
<link href="/assets/css/large.css" title="Large" rel="alternate stylesheet" type="text/css" />

Both are Relative URLs. When the page is loaded via HTTPS I get the following from the Chrome Console (I change the domain name for my client's privacy):

    [blocked] The page at https://www.example.com/Login/ ran insecure
    content from http://www.example.com/assets/css/small.css. 

    [blocked] The page at https://www.example.com/Login/ ran insecure content from
    http://www.example.com/assets/css/large.css.

Am I wrong in the assumption that relative URLs should honor the requested protocol?

UPDATE: It is also blocking .js files referenced the same way:

<script src="/assets/scripts/change-text-size.js" type="text/javascript"></script>

is being blocked:

[blocked] The page at https://www.example.com/Login/ ran insecure content from http://www.example.com/assets/scripts/change-text-size.js.

Another weird thing is that if I do view-source on the page that is having the issue, I see the relative url and if I hover the cursor over the "link" to the asset (stylesheet, .js file) the tooltip DOES say it is https:.

Update 2: There is nothing referenced in the .css file. Here is the entire contents of the "small.css" file mentioned above:

div#content-wrap,
div#content-one-col
{
    font-size: 65%;
}

In your public example, the static assets are redirecting to the http version, causing Chrome to complain.

Eg if you go to https://www.bayerglucofacts.com/assets/css/de-de.css - you get a 302 redirect to http://www.bayerglucofacts.com/assets/css/de-de.css which gives the error.

I've been having the same problem, and this was due to a <base> tag pointing to the non-SSL version of the site.

However, as ScottR pointed out, this was due to your CSS redirecting to the non-SSL version. It seems that is fixed now - don't forget to accept his answer though!

It seems most likely that a link inside the css is pointing to an http image/resource.