Frequently asked question

What do I need to know about ArcGIS Hub regarding enforcement of the HTTPS-Only Standard, update to HTML Rules, and legacy site shutoff?

Last Published: December 15, 2020

Answer

Note:
ArcGIS Hub made HTTPS-only changes on September 8th, 2020. If the links on your sites and pages are not updated to the HTTPS-only standard, they will display a browser security warning to people who try to view them. 

After strict HTTPS enforcement (HSTS) was enforced in December 2020, web browsers will not allow visitors to access sites containing HTTP links.
HTTPS-Only Enforcement

Esri is committed to providing strong security for ArcGIS by using the latest industry standards and best practices for security protocols. In December 2020, strict HTTPS enforcement (HSTS) was enforced across the ArcGIS product suite. To help meet these requirements, ArcGIS Hub was updated to enforce the use of the HTTPS-only standard on all sites and pages, on September 8th, 2020. This gave ArcGIS Hub users time to find and replace HTTP links with HTTPS links before strict HTTPS enforcement (HSTS) was applied later in the year.

Who Is Affected?

This applies to anyone who has created an ArcGIS Hub site that contains HTTP URLs.

What Do I Need to Do?

If you have created ArcGIS Hub sites or pages, review the URLs included in those sites or pages to make sure that they are HTTPS-only. Review any links for images, social media feeds, or other content that may have been added to your sites or pages. Administrators can scan their ArcGIS Online organizational sites and pages for HTTP content ahead of the deadline by using the ArcGIS Security Advisor tool, available on the ArcGIS Trust Center site.

What If I Do Not Update the URLs for My Sites and Pages?

If you have not updated the links on your sites and pages to the HTTPS-only standard as of September 8th, 2020, your sites and pages will display a browser security warning to people who try to view it. After strict HTTPS enforcement (HSTS) was enforced in December 2020, web browsers will not allow visitors to access sites containing HTTP links. 

Update to HTML Rules

To help our customers have more secure sites, the ArcGIS Hub and ArcGIS Enterprise teams are making important updates to places on sites where custom HTML elements can be added—namely, site text cards, headers, and footers—to ensure that the HTML is valid.

Who Is Affected?

This affects anyone who has created a site in ArcGIS Hub, or created a site in ArcGIS Enterprise Sites earlier than version 10.8.1.

What Do I Need to Do?

To ensure uninterrupted performance of the text cards, headers, and footers using custom HTML syntax on your ArcGIS Hub sites, all site authors need to review their sites and pages prior to the updated HTML rules applied on September 8th, 2020.

To inspect your sites and pages for unsupported or invalid HTML code that may be exposed on your site, review your site from within the ArcGIS Hub or Enterprise Sites site editor. Alternatively, click the View button from within the site editor to preview the site. If you see any HTML-like code on your site, this indicates the HTML tag you used is not supported, such as the <script> tag, or is invalid HTML, such as the <h7> tag.

To find valid HTML element replacements, we recommend using an internet search engine and entering the term "HTML5" plus your current unsupported or invalid tags. You can also visit our documentation pages for a full list of supported elements.

What If I Do Not Update Custom HTML Code?

Visitors to your sites will see the invalid or unsupported HTML syntax exposed on your site, potentially resulting in a confusing or a less than optimal user experience.

Article ID:000023969

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Related Information

Discover more on this topic