DEPRECATION

ArcGIS Basemaps Functionality Deprecation: HTTPS only

Last Published: January 26, 2022

Description

Over the past few years, Esri has become more stringent about enforcing HTTPS only for online services and products in keeping with industry guidelines and best practices. As a follow up to enforcing HTTPS in ArcGIS Online in 2020, Esri is planning to make a similar change to the raster basemap environment. The Esri raster basemaps currently can be requested using HTTP or HTTPS protocols. Starting in April 2022, support for HTTP will be disabled, and tile requests will be HTTPS only. If an HTTP request is received, it will be redirected to HTTPS. In many cases, the redirect will work. We have found some cases where the redirect does not work, mostly under specific circumstances in developer applications. In these cases, developers will need to update their applications and tools to accommodate HTTPS.

Vector basemaps are not impacted since they are already HTTPS only. Anyone using Platform services is not impacted since basemaps are HTTPS only.

All raster basemaps are affected by this deprecation.  A list is available in this ArcGIS Online group. Note that the street based raster basemaps are in mature support, and we recommend that you use equivalent vector basemaps as a best practice. 

We strongly encourage all users to use HTTPS as a best practice for security and for optimal performance after HTTPS only is enforced. If a customer thinks they may be using HTTP to request Esri raster basemaps, they should start updating their applications now so that they do not experience any downtime starting in April 2022.

We are making this change for several reasons:

  • HTTPS provides a secure connection whereas HTTP does not. This helps to protect users against malicious attacks from hackers.
  • HTTPS is a requirement for FedRamp.

Recommendation

Esri recommends that everyone use HTTPS since it is more secure.

The basemap team has tested different scenarios, and the results are below.  Note that most usage is already HTTPS.  This table is focused only on those applications that may be sending HTTP requests.

Note:
The basemap team is still testing this deprecation, so the impact and notes may change.
ProductImpact for apps sending HTTP requests for basemap tilesNotes
ArcGIS OnlineLowWe do not expect this change to impact ArcGIS Online users.  ArcGIS Online already requires use of HTTPS.
ArcGIS EnterpriseLowWeb applications were tested, and the HTTP to HTTPS redirect works.   
ArcGIS ProLowThe HTTP to HTTPS redirect works.  Users could notice a small performance degradation due to the redirect.  If you are unsure whether you are requesting using HTTP or HTTPS, users can reselect a map from the Basemap Gallery, and save the project.
ArcGIS Desktop (ArcMap)MediumThe map document will open, but the basemap layer will not display.  Users can select a new basemap from the Basemap Gallery, and save the map.
JSAPI 3.x and 4.xLow
High under certain circumstances
The HTTP to HTTPS redirect works. When hosting an application on HTTP using JSAPI 4.0 or 3.18 and lower, the redirect will not work.
.NET applications using HTTP in SOAP WSDLHighRedirect does not work.  Code will need to be modified, and the application will need to be recompiled.
PythonLow
High under certain circumstances
Redirect does not work with http open connection or http pool connection library.  Code will need to be modified.
ArcGIS RuntimeTBDTBD

Article ID:000027118

Software:
  • ArcGIS Online

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options