Overview:
Some users may have Viewers that are loaded over a secure HTTPS connection, but resources loaded in that Viewer (map services, workflows, geocoders, etc.) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. For more info, see What is Mixed Content? (developers.google.com)
What's changing?
With GVH 2.12, we implemented version 3.25 of the ArcGIS API. In this version, Esri is highly encouraging the use of secure services with HTTPS by automatically upgrading HTTP requests that would result in Mixed Content.
What does this mean for you?
For more details, please see the Esri release notes: What's new in Version 3.25. If you have further questions about how this will affect your environment, please contact Geocortex Support (support@geocortex.com).
Solution:
To avoid this issue, we recommend ensuring that all resources consumed in your SSL-secured viewer are also SSL-secured. Aside from providing security and data integrity for both your Viewers and your users' personal information, HTTPS is a requirement for many new browser features. If you need assistance converting your Viewers to request all resources over HTTPS connections, please contact Geocortex Support (support@geocortex.com).
Some users may have Viewers that are loaded over a secure HTTPS connection, but resources loaded in that Viewer (map services, workflows, geocoders, etc.) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. For more info, see What is Mixed Content? (developers.google.com)
What's changing?
With GVH 2.12, we implemented version 3.25 of the ArcGIS API. In this version, Esri is highly encouraging the use of secure services with HTTPS by automatically upgrading HTTP requests that would result in Mixed Content.
What does this mean for you?
- If your Viewer is loaded over HTTPS, and you are accessing resources from unsecured (HTTP) resources, the requests will automatically be switched to the HTTPS protocol. If the desired resource is not available over HTTPS, the request will fail.
- Any service connections you have that use a proxy page to promote an HTTP connection to HTTPS may fail, since the Esri JavaScript API will upgrade the service URL to use the HTTPS protocol, even before redirecting through the proxy page. To avoid this issue, we recommend ensuring that all resources consumed in your SSL-secured viewer are also SSL-secured.
For more details, please see the Esri release notes: What's new in Version 3.25. If you have further questions about how this will affect your environment, please contact Geocortex Support (support@geocortex.com).
Solution:
To avoid this issue, we recommend ensuring that all resources consumed in your SSL-secured viewer are also SSL-secured. Aside from providing security and data integrity for both your Viewers and your users' personal information, HTTPS is a requirement for many new browser features. If you need assistance converting your Viewers to request all resources over HTTPS connections, please contact Geocortex Support (support@geocortex.com).
Comments
0 comments
Article is closed for comments.