Hello ArcGIS Online Team,
Our team had a few questions as we get ready to switch our content to HTTPS only and we were wondering if you could help?
We've used the AGO Security Advisor (highly recommend this tool to others who see this thread) and identified the applications that are not HTTPS ready. Many of these applications have images or content coming from our web server (not an ArcGIS Server), where we do have the capability to switch to HTTPS. Our question- If we switch the web server content to HTTPS will the URLs in the AGOL apps automatically update to HTTPS or will they need to be manually updated (and in turn show mixed content warning)?
Thanks in advance for any clarity!
The URLs in ArcGIS Online apps will not automatically update, you will need to manually update them from http to https.
One method to update the urls (and worth trying and testing) is to use ArcGIS Online Assistant. Here, you can edit the JSON of each web map stored in your ArcGIS Online site. Each web map's configuration is stored in a JSON string so by editing the JSON you can manipulate the web map outside of ArcGIS Online user interface. Make sure you back up all the JSON files\text before making any changes and take extra care when modifying the code.
ArcGIS Online Assistant - https://ago-assistant.esri.com/
Hope this helps
We're also wondering about this, as we've discovered services in our apps that are referencing HTTP content.
If I'm understanding correctly, updating our hosting servers to HTTPS isn't enough? We'll also need to manually update the url paths of the content used in the apps? Can you confirm?
Hello Amanda and Kellie
Yes, for the most part, most items have a url in their description definitions so everything would need to be updated to https. However, the following link may be very helpful for updating layers
In AGOL, go to a web map's item page -> Settings -> Layer Settings and there is the option there to Update Layers to HTTPS. This button updates the layers\feature services within the web map from http to https.
I would be interested to know how this results for you
Thanks so much for that great resource. Unfortunately it doesn't quite answer my question.
I'm wondering about the media (images, videos, etc) that may be used in popups, applications, etc~ when switching to HTTPS on the server for these items will the url references to this media also respect the HTTPS setting or will they manually need to be updated?
File based urls or application intergration urls would not be updated to https through this setting if the url is stored as a data value in a field. I tested this out In AGOL (one feature with url of http and a second feature with url of https) and both were able to be clicked on and open a pdf document in a new tab. I would update these stored data values as a matter of good practice.
My understanding is that photos or videos being stored against a feature hosted layer ( for example embedded in a pop up window) will be updated by this setting.