By default, this is true. Mapbox.js always requires HTTPS resources, regardless of the host page's scheme.

Setting FORCE_HTTPS to false makes Mapbox.js auto-detect whether the page your map is embedded in is using HTTPS or SSL, and matches: if you use HTTPS on your site, it uses HTTPS resources.


L.mapbox.config.FORCE_HTTPS = false;