Increased web API security in Google Chrome

Administrator
Starting with Google Chrome version 50, some of the HTML5 Web APIs will require websites to be using a secure origin like HTTPS to work correctly. The APIs that will be affected are: Geolocation, Fullscreen, Device motion and Device orientation.

What does it mean?

Simply put, unless sites are running on the HTTPS protocol, they won’t work as expected.

Who’s affected by this change?

Many developers are using these APIs in apps alongside or with the ArcGIS API for JavaScript. These APIs also provide key functionality for users in configurable or custom apps, WebApp Builder for ArcGIS, and the map viewer used in ArcGIS Online and Portal for ArcGIS.

For instance, the Locate widget uses the Geolocation API to prompt the user for permission to find their position. If the user allows, it will navigate the map to their current location. This widget is used in the map viewer, WebApp Builder, configurable apps and custom user apps.

Once Chrome has been automatically updated to version 50, the Locate widget will need to run on a website using HTTPS in order to successfully get the user’s current position. When the Locate widget is used on the HTTP protocol, a user will still be able to click the button, but nothing will happen and a warning will be logged in their browser’s console.

Why is this changing?

Chrome is making these changes to protect a user’s private information from a network attacker.

Functionality such as prompting for a user’s location wasn’t originally required to use a secure origin. However, it probably should have been, to prevent unauthorized access to personally-identifiable information. It seems likely that other browsers will follow suit and may start requiring secure origins for some of these APIs to work as well. It’s better to be prepared for that, and more security is good too!

Although it’s great to be more secure, this is going to require changes to web hosts in order to keep the functionality working.

What can you do?

In order to keep everything working as expected, make sure that your apps are using a secure origin. See the following resources for setting up your organization, portal, or server with HTTPS.


What Esri is doing

On our side, we’ll be checking the browser to see if it is running on an insecure origin. If it is, we will disable the functionality that requires a secure origin. We’ll do this where necessary in our widgets and apps.
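One way an app could make the same kind of check, as an added example that is not Esri's code. The function names, the state object and the `locate-button` element id are hypothetical; the loopback rules approximate how browsers treat development hosts as secure.

```javascript
// Added example; names are hypothetical, not part of the ArcGIS API.
// APIs the article lists as requiring a secure origin from Chrome 50 on.
const SECURE_ORIGIN_APIS = ["geolocation", "fullscreen", "devicemotion", "deviceorientation"];

// Approximates the browser's secure-origin rule for a page URL:
// https/wss, plus loopback hosts that browsers accept for local development.
function isSecureOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable URL: fail closed
  }
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname;
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true; // IPv6 loopback (hostname keeps its brackets)
  return /^127(\.\d{1,3}){3}$/.test(host); // IPv4 loopback range 127.0.0.0/8
}

// Per-API state a widget can use to disable itself and explain why.
// env is the window object in a browser; its isSecureContext flag, when
// present, is the browser's own verdict and overrides the URL heuristic.
function secureApiState(pageUrl, env) {
  const hasVerdict = Boolean(env) && typeof env.isSecureContext === "boolean";
  const secure = hasVerdict ? env.isSecureContext : isSecureOrigin(pageUrl);
  const state = {};
  for (const api of SECURE_ORIGIN_APIS) {
    state[api] = secure
      ? { enabled: true, reason: "" }
      : { enabled: false, reason: api + " requires a secure origin (HTTPS)" };
  }
  return state;
}

// Browser-only wiring: disable the control instead of letting the click fail silently.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const state = secureApiState(window.location.href, window);
  const button = document.getElementById("locate-button"); // hypothetical element id
  if (button && !state.geolocation.enabled) {
    button.disabled = true;
    button.title = state.geolocation.reason;
  }
}
```
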


