Hello all,
As we all have been embarking on this HTTPS update adventure, I’m sure that some of you have found that there are many ‘http’ elements that are hidden deep within your web maps or apps that are hard to find.
‘Hidden’ http content that will need to be updated include the following:
- Service URLs in Web App Builder Apps widgets (like Print, Search, Basemaps, and Attribute Tables)
- Links within the text of an About widget
- Pop-up content (including custom expressions)
- Item Description
- Terms of Use
ESRI has an ‘unofficial’ tool called ‘ArcGIS Online Security Advisor‘ which is referenced on their ArcGIS Trust Center page, as well as several GeoNet articles. It is a web-based tool that scans all of your AGOL content (description and data JSON files) and creates a report of all of your ‘http’ content that may not be obvious. DRP and DPW have tested this tool out and have found it to be very useful….especially if you have a lot of content. This tool does not fix your content, you will still need to make the updates as outlined in the link referenced above from the eGIS team, but this is a good way to find problematic elements.
As a reminder, the eGIS team has posted a step by step guide to updating your content using either AGOL, or GeoJobe on eGIS Central: Updating AGOL Items to HTTPS, ArcGIS Online User Group page
Steps to use the tool
- Open the link to ‘ArcGIS Online Security Advisor‘ and log in with your credentials.
- Enter in the following parameters:
- Owner Name – enter your owner name (eg. owner:”dhoffman@planning.lacounty.gov_lacounty”). VERY IMPORTANT TO DO THIS, otherwise ALL of LA County’s AGOL content will be scanned.
- Excluded Fields – I just removed all of these so I can see everything. For sure you’ll want to at least include’description’ and ‘licenseinfo’ (terms of use). (By default, these items are excluded: title, description, license, licenseinfo, copyright, accessInformation)
- Excluded URLs – I just entered in the following URL as it shows up in a lot of basemap descriptions which will be in almost all of our content: http://goto.arcgisonline.com (By default these are excluded: arcgis.com, arcgisonline.com)
- Hit Scan on the top right-hand corner and all of your content will be scanned.
- An output table will show below. Unfortunately there is no way to export this into a spreadsheet, so you can just highlight the table and copy/paste it into a spreadsheet for your use. If there is more content than you want to see, you can modify the parameters above, hit ‘Clear’ in the upper right-hand corner, and ‘Scan’ again. You can also just use this embedded table to go through and update your content using the links provided in the Analysis field. If you have a lot of content, you may just want to paste it into a spreadsheet and track your progress.
- The table itself is fairly self explanatory. The Analysis field breaks down where exactly all the http: content is.
- You will need to go into each web map / web app and configure your content. If you feel comfortable updating the JSON directly, you can do so in AGOL Assistant if you accept the risks.
The FUN PART of course is updating all your content! This is a good time to do some spring cleaning though (even though it is November). If you notice any quirks or issues with this tool, or have some suggestions, please be sure to comment below.
Happy Cleaning!