Over the past few years, Esri has become more stringent about enforcing HTTPS only for online services and products in keeping with industry guidelines and best practices. As a follow up to enforcing HTTPS in ArcGIS Online in 2020, Esri is planning to make a similar change to the raster basemap environment. The Esri raster basemaps currently can be requested using HTTP or HTTPS protocols. Starting in April 2022, support for HTTP will be disabled, and tile requests will be HTTPS only. If an HTTP request is received, it will be redirected to HTTPS. In many cases, the redirect will work. We have found some cases where the redirect does not work, mostly under specific circumstances in developer applications. In these cases, developers will need to update their applications and tools to accommodate HTTPS.
Vector basemaps are not impacted since they are already HTTPS only. Platform services are also not impacted since basemaps are HTTPS only.
We strongly encourage all users to use HTTPS as a best practice for security and for optimal performance after HTTPS only is enforced. If a customer thinks they may be using HTTP to request Esri raster basemaps, they should start updating their applications now so that they do not experience any downtime starting in April.
Why HTTPS only?
HTTPS, short for Hypertext Transfer Protocol for secure communication (and commonly referred to as SSL or TLS), allows for the secure transmission of data, both incoming and outgoing, between a client—such as a web browser—and the server. All data is encrypted, so anyone monitoring the traffic won’t be able to capture any sensitive information.
Updating your applications to use HTTPS is a simple way to help secure your intellectual property and prevent anyone other than the people you intend from seeing sensitive information. If your applications aren’t already configured with HTTPS only, it’s a good idea to begin updating to use HTTPS now. If your application is browser based, you probably already know that the popular browsers, such as Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari are becoming increasingly stringent with HTTP traffic. Browser updates frequently introduce tighter controls that either alert you to security issues with websites or block insecure content completely.
Which basemaps are affected?
A list of affected basemaps is available in this ArcGIS Online group. Note that the street based raster basemaps are in mature support, and we recommend that you use equivalent vector basemaps as a best practice.