I was integrating Amazon Payments for a Magento customer and received an ssl warning on the cart page when secure cart was enabled:

Mixed Content: The page at ‘https://www.example.org/magento/index.php/checkout/cart/’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘http://www.example.org/checkout/cart/estimateUpdatePost/’. This endpoint should be made available over a secure connection.

This GitHub thread pointed me the right direction. I pulled the latest package but there was no concession for the referenced issue. Time to dig.

My customer’s theme differed slightly – I ended up adding the URL to the secure_url node inside of app/code/community/Amazon/Payments/etc/config.xml

<cart_estimateupdatepost>/checkout/cart/estimateUpdatePost</cart_estimateupdatepost>

No more mixed content and increased conversions as the visitor feels more secure.