DEPRECATION
ArcGIS Basemaps Functionality Deprecation: HTTPS only
Description
Over the past few years, Esri has become more stringent about enforcing HTTPS only for online services and products in keeping with industry guidelines and best practices. As a follow up to enforcing HTTPS in ArcGIS Online in 2020, Esri is planning to make a similar change to the raster basemap environment. The Esri raster basemaps currently can be requested using HTTP or HTTPS protocols. Starting in April 2022, support for HTTP will be disabled, and tile requests will be HTTPS only. If an HTTP request is received, it will be redirected to HTTPS. In many cases, the redirect will work. We have found some cases where the redirect does not work, mostly under specific circumstances in developer applications. In these cases, developers will need to update their applications and tools to accommodate HTTPS.
Vector basemaps are not impacted since they are already HTTPS only. Anyone using Platform services is not impacted since basemaps are HTTPS only.
All raster basemaps are affected by this deprecation. A list is available in this ArcGIS Online group. Note that the street based raster basemaps are in mature support, and we recommend that you use equivalent vector basemaps as a best practice.
We strongly encourage all users to use HTTPS as a best practice for security and for optimal performance after HTTPS only is enforced. If a customer thinks they may be using HTTP to request Esri raster basemaps, they should start updating their applications now so that they do not experience any downtime starting in April 2022.
We are making this change for several reasons:
- HTTPS provides a secure connection whereas HTTP does not. This helps to protect users against malicious attacks from hackers.
- HTTPS is a requirement for FedRamp.
Recommendation
Esri recommends that everyone use HTTPS since it is more secure.
The basemap team has tested different scenarios, and the results are below. Note that most usage is already HTTPS. This table is focused only on those applications that may be sending HTTP requests.
Note: The basemap team is still testing this deprecation, so the impact and notes may change.
| Product | Impact for apps sending HTTP requests for basemap tiles | Notes |
| ArcGIS Online | Low | We do not expect this change to impact ArcGIS Online users. ArcGIS Online already requires use of HTTPS. |
| ArcGIS Enterprise | Low | Web applications were tested, and the HTTP to HTTPS redirect works. |
| ArcGIS Pro | Low | The HTTP to HTTPS redirect works. Users could notice a small performance degradation due to the redirect. If you are unsure whether you are requesting using HTTP or HTTPS, users can reselect a map from the Basemap Gallery, and save the project. |
| ArcGIS Desktop (ArcMap) | Medium | The map document will open, but the basemap layer will not display. Users can select a new basemap from the Basemap Gallery, and save the map. |
| JSAPI 3.x and 4.x | Low High under certain circumstances | The HTTP to HTTPS redirect works. When hosting an application on HTTP using JSAPI 4.0 or 3.18 and lower, the redirect will not work. |
| .NET applications using HTTP in SOAP WSDL | High | Redirect does not work. Code will need to be modified, and the application will need to be recompiled. |
| Python | Low High under certain circumstances | Redirect does not work with http open connection or http pool connection library. Code will need to be modified. |
| ArcGIS Runtime | TBD | TBD |
Article ID:000027118
- ArcGIS Online
Get help from ArcGIS experts
Download the Esri Support App
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback