zhif7782 / 0525-holistic-testing

Feedback for 5/25 Holistic testing.

Disable HTTP -> force user to use HTTPS for URL redirect option #35

Closed holubvl3 closed 1 year ago

holubvl3 commented 1 year ago

Is your feature request related to a problem? Please describe. Currently, the URL redirect in the form supports adding a URL with the HTTP protocol. While HTTP is still valid, I am not sure if this won't be considered a security issue (since the whole AGO/AGE requires HTTPS for services) or a mixed content issue in the background.

Describe the solution you'd like Add a URL check (string check) to the form designer, to verify that the URL uses the HTTPS protocol.

Additional context It could partially prevent the redirect to unwanted pages. It will follow the Esri system rules for URLs in web GIS.

fendiaoxiaoshuazi commented 1 year ago

Thanks @holubvl3, we will only allow HTTPS. The fix will be available on production (planned for June 13).

holubvl3 commented 1 year ago

Great, thank you very much Ruth @fendiaoxiaoshuazi!

holubvl3 commented 1 year ago

Hello Ruth @fendiaoxiaoshuazi, just a comment on forcing HTTPS in the URL redirect - thank you for implementing this check - anyway, a few comments:

1) Could you expand the error message? Currently there is a message that "The URL is not valid".

That could be confusing when a user enters an http address like http://www.arcdata.cz - the user (the less skilled one) could be confused about what's wrong with the URL. So, what about changing the text there to "The url is not valid - check the format URL and the HTTPS protocol". What do you think?

2) The save button here is still active - unlike other questions where invalid input greys out these save/publish buttons - a user could miss that the save button here deletes the redirect URL.
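
An added example, not part of the original thread and not the project's own code: one way to implement the HTTPS-only redirect check so that a malformed URL and a well-formed `http://` URL produce different messages. The function name, reason codes and message texts are assumptions made for illustration.

```javascript
// Hypothetical validator for a form's redirect URL field (illustration only).
// Reason codes and message texts below are assumed, not taken from the product.
const MESSAGES = {
  ok: "",
  empty: "Enter a redirect URL.",
  malformed: "The URL is not valid - check the URL format.",
  not_https: "The URL must use the HTTPS protocol (https://).",
  credentials: "The URL must not contain a user name or password.",
};

function checkRedirectUrl(input) {
  const raw = String(input ?? "").trim();
  if (raw === "") return result("empty");

  let url;
  try {
    // Parse rather than test a string prefix: the parser lower-cases the
    // scheme ("HTTPS://") and throws on input with no scheme or no host.
    url = new URL(raw);
  } catch {
    return result("malformed");
  }

  // Allow-list the scheme: http:, javascript:, data:, ftp: all stop here.
  if (url.protocol !== "https:") return result("not_https");

  // user:pass@host can make a link appear to point at a different site.
  if (url.username !== "" || url.password !== "") return result("credentials");

  // href is the normalised form; store this rather than the raw input.
  return result("ok", url.href);
}

function result(reason, href = null) {
  // `valid` can also drive the disabled state of the save/publish buttons.
  return { valid: reason === "ok", reason, message: MESSAGES[reason], href };
}
```

Server-side code that performs the redirect should repeat the same check, since a client-side form check can be bypassed.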

fendiaoxiaoshuazi commented 1 year ago

Hi @holubvl3, thank you very much!

holubvl3 commented 1 year ago

Hi Ruth @fendiaoxiaoshuazi,

thank you very much. The second point is just an observation, nothing crucial for this release :)

Thank you very much!