We recently made a security enhancement wherein image and file type columns have signed URLs generated for them. This enhancement prevents an app user from changing the table name or file name parameters in order to access app files that they should not. In the near future, we are going to start requiring calls to the gettablefileurl and getappfileurl endpoints to have valid signatures.
What does this mean for you? If you have an app where you are manually constructing a link to a gettablefileurl or getappfileurl endpoint, that link will stop working very soon UNLESS you edit your app by going to Security -> Options and unchecking the toggle for “Require Image and File URL Signing.” By unchecking this option, you should understand that you are making your app files less secure. An app user could potentially modify the URL in order to see any file in the app that they could guess the file name for. If the Secure Image access and/or Secure PDF access settings are disabled for the app, this means potentially anyone can do this. It is best to leave the option checked if possible.
A note on XY column background images. Since a full URL is now being generated for images and passed back to the client, you no longer need to construct a URL for the background image of an XY column if you want to use an app image. You can now reference or de-reference an image column for the background image and the map should work correctly.