Is your browser telling you that manager.agilitycms.com is not secure?
While ALL API calls within the content manager to login, fetch, and update content are secure and over HTTPs, the application itself is by default loaded over HTTP. In our April 2018 release, this has changed and all new Agility instances will now be forced to over HTTPS.
Complications of custom CDN endpoints and custom input forms have prevented us from making this a global change, without the risk of introducing breaking changes.
For instances that are still over HTTP and not HTTPS, this 'switch' to force HTTPS will need to be manually turned on by the agility support team. This switch needs to be reviewed and tested as there are some cases where this could break some custom functionality often found in custom input forms. In addition to this, the CDN endpoint must be updated to load over HTTPS.
- Is the CDN/Media & Documents URL loading over HTTPS within the content manager already? If no, the Agility support team can update this for you.
- Are there any custom input forms, or custom JS events that are calling insecure resources (i.e. resources that are NOT over HTTPS)? If yes, they will need to be updated to HTTPS prior to making the switch.
If both 1 and 2 are in place, switching to full HTTPS should be quick and painless.
Want to enable full HTTPS for your Agility instance? Please submit a support ticket here. And we'll walk you through the process.