
HTML5 Viewer Add layer at run time

Comments

8 comments

  • Permanently deleted user
    Peter, we are desperately waiting on this too, and I think there is talk of it arriving at 2.7.

    Basically it's on their high priority list based on the recent webinars and conference sessions.
    0
  • Permanently deleted user
    Thanks Gareth for update.
    0
  • Permanently deleted user
    It's coming soon! In the 2.7 HTML5 viewer, you'll be able to search for and dynamically add map services and layers from ArcGIS Server and ArcGIS Online, as well as WMS layers.
    0
  • Permanently deleted user

    Hi Jordan, I know it has been a little over a year since you replied to this question. Yes, I can search for and dynamically add map services on the 2.7 HTML5 viewer, but in order for this to happen, the Map Server URL has to be registered under Service Connections in Geocortex Essentials Manager.

    Is there any way I can add map services from any Map Server without registering its URL under Service Connections?

    Thanks

    Jaeyoung
    0
  • Permanently deleted user
    Hi, Jaeyoung. For security reasons, viewer users are not able to add map services without their servers' URLs first being whitelisted by an administrator in Manager.
    0
  • Permanently deleted user
    As an administrator, I don't have an issue if my users want to add map services from external providers, as they could previously with the Silverlight viewer.

    Could you please elaborate on the security reasons why we should not allow this, and is there a way that I can allow it if we as a business decide that the risk is outweighed by the benefit?
    0
  • Ryan Cooney
    Hi Lindsay,

    When the ArcGIS JavaScript API loads a map service from a different domain than the viewer, it evaluates whatever JavaScript code happens to be at the map service URL. It uses a process called JSONP to do this. If the URL is not a trusted source, this is very risky.

    If the map service URL happens to point to some malicious JavaScript code rather than an actual service, what happens is that the end user runs that code inside their web browser. The malicious code would typically do something like:
    • Obtain any security access tokens from the viewer application and use them or send them to an external service.
    • Issue HTTP requests to other services from the end user's web browser. Since it is technically the end user that is making these HTTP requests, whatever cookies or Windows credentials the user has may be part of these requests. This allows the malicious code to attack other systems on your intranet or the public internet using legitimate credentials.
    Here's a real attack that we are able to demonstrate if we remove the whitelist protection.
    1. I receive an email to check out a new free high resolution orthophoto base map. Sounds cool!
    2. I plug the map service URL into my viewer and it appears to load. Or maybe it doesn't. It doesn't really matter since the damage is already done.
    3. The loading of that URL actually ran some extra code that sent my security access token to another server on the internet and issued HTTP requests to delete features from an editable ArcGIS feature service on my intranet that is secured with Windows Integrated security.
    This style of attack generally requires an end user to do something they shouldn't. However, counting on end user behaviour to avoid an attack is not a good practice. We made the decision that Geocortex software would not provide the means for such an attack. Our approach, while restrictive, gives administrators control over what is considered a legitimate map service source.

    We have not provided an administrative switch for this. There are very few scenarios where it would be truly safe to open this up. We also know that there is a demand for this capability and that if it were to be possible it would be enabled in cases where it definitely should not be, despite our warnings.

    Silverlight was not prone to this problem (at least not in the same way) since the underlying technology would not run code that it downloaded from an untrusted source.

    I hope this provides some clarity on our reasoning even though it is not the answer many people are looking for.

    --Ryan
    0
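The whitelist Ryan describes is the control that keeps a JSONP load from ever reaching a `<script>` element unless an administrator registered the service. The block below is an added example of how such a gate can be implemented in the browser; it is not Geocortex or Latitude code, and the allowlist entries, the `f=json` and `callback` query parameters, and the function names `isAllowedServiceUrl` and `buildJsonpScriptSrc` are constructed assumptions for illustration. The check works on parsed URL components rather than raw string prefixes, which is what makes lookalike hosts, embedded userinfo and `../` path segments fail the check.

```javascript
// Added example, not Geocortex/Latitude code: gate a JSONP-style script
// load behind an administrator-maintained allowlist of service URLs.
// The allowlist entries and the query parameter names used below are
// constructed assumptions, not values taken from the product.

// Constructed sample of registered service connections
// (scheme + host + base path, as an administrator would enter them).
const SERVICE_CONNECTIONS = [
  "https://gis.example.com/arcgis/rest/services",
  "https://services.arcgisonline.com/ArcGIS/rest/services",
];

// Returns true only when the candidate URL parses, uses HTTPS, and sits at
// or below one of the registered base paths on exactly the same origin
// (scheme, host and port). Comparing parsed components instead of raw
// string prefixes is what rejects lookalike hosts such as
// "gis.example.com.other.example", embedded userinfo such as
// "https://gis.example.com@other.example/", and "../" path tricks.
function isAllowedServiceUrl(candidate, allowlist = SERVICE_CONNECTIONS) {
  let target;
  try {
    target = new URL(candidate);
  } catch (_) {
    return false; // unparseable input is never allowed
  }
  if (target.protocol !== "https:") return false;

  return allowlist.some((entry) => {
    const base = new URL(entry);
    if (base.origin !== target.origin) return false;
    const basePath = base.pathname.replace(/\/+$/, "");
    // Match only at a path-segment boundary so "/servicesX" cannot pass
    // as "/services".
    return (
      target.pathname === basePath ||
      target.pathname.startsWith(basePath + "/")
    );
  });
}

// Builds the script URL a JSONP loader would insert into the page, but only
// after the allowlist check passes; an unregistered service throws instead
// of ever reaching a <script> element. The "f" and "callback" parameter
// names are assumptions for this example.
function buildJsonpScriptSrc(serviceUrl, callbackName, allowlist = SERVICE_CONNECTIONS) {
  if (!isAllowedServiceUrl(serviceUrl, allowlist)) {
    throw new Error("refusing JSONP load from unregistered service URL: " + serviceUrl);
  }
  const u = new URL(serviceUrl);
  u.searchParams.set("f", "json");
  u.searchParams.set("callback", callbackName);
  return u.toString();
}
```

In a real viewer the string returned by `buildJsonpScriptSrc` would be assigned to `script.src` and the element appended to the document; the point of the example is that no code path creates that element without first passing `isAllowedServiceUrl`, and that the allowlist itself lives with the administrator rather than the end user.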
  • Permanently deleted user
    Hi Ryan,

    Thanks for the comprehensive answer!

    We don't always get the detailed reasoning behind a change in functionality or an apparent limitation of the software, so it's great to be given a real world explanation.

    While I would still prefer to have the functionality that the Silverlight viewer offered, I can now appreciate the decision that Latitude have made.

    Cheers,

    Lindsay
    0
