English

FAQ: What do I need to know about ArcGIS Hub regarding enforcement of the HTTPS-Only Standard, update to HTML Rules, and legacy site shutoff?

Question

What do I need to know about ArcGIS Hub regarding enforcement of the HTTPS-Only Standard, update to HTML Rules, and legacy site shutoff?

Answer

Note:
ArcGIS Hub has HTTPS-only changes coming on September 8th, 2020. If the links on your sites and pages are not updated to the HTTPS-only standard by September 8th, they will display a browser security warning to people who try to view them. 

After strict HTTPS enforcement (HSTS) is enforced in December 2020, web browsers will not allow visitors to access sites containing HTTP links.
HTTPS-Only Enforcement

Esri is committed to providing strong security for the ArcGIS platform by using the latest industry standards and best practices for security protocols. As of December 2020, strict HTTPS enforcement (HSTS) will be enforced across the ArcGIS platform. To help meet these requirements, ArcGIS Hub is being updated to enforce the use of the HTTPS-only standard on all sites and pages, starting September 8th, 2020. This gives ArcGIS Hub users time to find and replace HTTP links with HTTPS links before strict HTTPS enforcement (HSTS) is applied later in the year.

Who Is Affected?

This applies to anyone who has created an ArcGIS Hub site that contains HTTP URLs.

What Do I Need to Do?

If you have created ArcGIS Hub sites or pages, review the URLs included in those sites or pages to make sure that they are HTTPS-only. Review any links for images, social media feeds, or other content that may have been added to your sites or pages. Administrators can scan their ArcGIS Online organizational sites and pages for HTTP content ahead of the deadline by using the ArcGIS Security Advisor tool, available on the ArcGIS Trust Center site.

What If I Do Not Update the URLs for My Sites and Pages?

If you have not updated the links on your sites and pages to the HTTPS-only standard by September 8th, 2020, your sites and pages will display a browser security warning to people who try to view it. After strict HTTPS enforcement (HSTS) is enforced in December 2020, web browsers will not allow visitors to access sites containing HTTP links. 

Update to HTML Rules

To help our customers have more secure sites, the ArcGIS Hub and ArcGIS Enterprise teams are making important updates to places on sites where custom HTML elements can be added—namely, site text cards, headers, and footers—to ensure that the HTML is valid.

Who Is Affected?

This affects anyone who has created a site in ArcGIS Hub, or created a site in ArcGIS Enterprise Sites earlier than version 10.8.1.

What Do I Need to Do?

To ensure uninterrupted performance of the text cards, headers, and footers using custom HTML syntax on your ArcGIS Hub sites, all site authors need to review their sites and pages prior to the updated HTML rules going into effect on September 8th, 2020.

To inspect your sites and pages for unsupported or invalid HTML code that may be exposed on your site, review your site from within the ArcGIS Hub or Enterprise Sites site editor. Alternatively, click the View button from within the site editor to preview the site. If you see any HTML-like code on your site, this indicates the HTML tag you used is not supported, such as the <script> tag, or is invalid HTML, such as the <h7> tag.

To find valid HTML element replacements, we recommend using an internet search engine and entering the term "HTML5" plus your current unsupported or invalid tags. You can also visit our documentation pages for a full list of supported elements.

What If I Do Not Update Custom HTML Code?

Visitors to your sites will see the invalid or unsupported HTML syntax exposed on your site, potentially resulting in a confusing or a less than optimal user experience.

Related Information

Last Published: 8/12/2020

Article ID: 000023969