Axure Share is Moving to Enforced HTTPS

Axure Share is moving to HTTPS-only. While the option to redirect to HTTPS links for your Axure Share content has been available for some time, we’ve now decided to enforce HTTPS for everything hosted on the service.

This change will happen in two phases: first, HTTPS will become the default option for workspaces instead of HTTP; and second, HTTP will disappear as an option for workspaces.

This is good news for the security and speed of your Axure Share content, and many of you won’t notice a difference beyond that little “secure” icon appearing in your browser’s address bar when you’re viewing an Axure Share page. For some of you, though, the switch to enforced HTTPS will require some vigilance and potentially some changes to be made to ensure that your prototypes continue to be viewable. These are the areas that may need your attention:

  • We’re deprecating two of Axure Share’s branding features, custom domains and custom account login pages. (Custom prototype password pages will still be available.) We’re going to make the change along with the HTTPS switchover because the outgoing features aren’t compatible with our secure architecture. Existing custom domains will continue to work, but will continue to transfer over regular, insecure HTTP.
  • If you use inline frame widgets in your prototypes, make sure that you’re linking to the HTTPS versions of your links instead of regular HTTP (e.g., <https://www.google.com/maps/etc.> instead of <http://www.google.com/maps/etc.>). An HTTP page pointed to in an iframe after we flip the switch to HTTPS will constitute a “mixed content” web security issue and will be blocked by your web browser, though the rest of the page will continue to function just fine.
  • Similar to the above, any link clicked when the prototype’s sidebar is open will need to either point to an HTTPS address or open in a new browser tab in order to function properly. This is because the prototype is technically a frameset when the sidebar is expanded.
  • Any custom plugins you’ve implemented will benefit from some testing after the switch, as they may need to be updated.
  • Web fonts will work with our new HTTPS architecture—but not yet. We’ll make sure we have a solution in place for this before our November deadline. For now, keep in mind as you’re doing any testing with HTTPS that your web fonts may look incorrect for the next couple of weeks.

If you want to verify in advance that your prototypes are still going to be looking and working great after the November 1st switchover, we recommend that you take a moment now to enable the SSL option in your “Configure Security” dialog for any Axure Share workspace. (After the switch, you’ll be able to use this same dialog to switch your workspaces back to HTTP temporarily if you need to.) Read more about the SSL option in our documentation.
Welcome to the more secure future with Axure Cloud! We appreciate your attention to this.