Hello,
With the June 2018 update of ArcGIS Online, ESRI is going to enforce the rule that embedded content in your Story Maps should always use HTTPS hyperlinks. If you open one of your Story Maps, you’ll see the message below. This does not mean that after June 2018 that your Story Maps will be broken if there are HTTP links within them, but they will be increasingly problematic to display (see response from ESRI below as well). You can use this link and log in to your AGOL account and see which Story Maps are using HTTP links and start fixing them: https://storymaps.arcgis.com/en/my-stories/
Warning Message:
Esri is enhancing the security of Story Maps
Your Story Maps live on the web, and the web community is always working to establish and implement better security. HTTPS, which provides a secure connection for content transmitted over the internet, is emerging as the expected way to access web content. Most modern browsers now show warning messages when HTTP instead of HTTPS is used. Because of this emerging standard, beginning with the June 2018 update to ArcGIS Online, your Story Maps will need to use HTTPS.
Practically speaking, this means a Story Map and all its content (including images, layers, embedded apps and websites) must be accessed using links that start with HTTPS rather than HTTP. This ensures the best experience for your readers because most web browsers will indicate that your stories are secure.
What do I need to do?
Esri is working to make this an easy transition for Story Map authors and readers. Tools are available now in Story Map builders and My Stories that help you find insecure content (HTTP) in your stories and provide recommendations for how to address it. Please check your stories for insecure content and update to HTTPS before June 2018.
Response from ESRI on GEONET:
At this time, we are not planning to break any existing stories. We are only planning to enforce HTTPS content for all new stories and new content that is added to existing stories. In my stories, existing stories will receive HTTP content warning. In new stories, HTTP content will be displayed as errors.
That being said, we highly recommend updating your servers to support HTTPS connections. If anyone loads your story over an HTTPS connection, most embedded HTTP content (layers, iframes, images) are already being blocked by modern browser like Chrome, Firefox, and Safari. This is a security restriction by the browser that we cannot override and why we are providing the warnings. In June, Chrome (and other browser following) will begin showing a “Not Secure” warning to all your readers. HTTPS is a best practice for the modern web and there are even ways to get free SSL Certificates for your servers. More information is available here: Frequently Asked Questions | Story Maps.
Thanks for posting. Some of the developers I talk to feel http pages will even become extinct in the foreseeable future. I’d definitely like to see https as the default for what we do on AGOL.