https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/cors-and-api-4-9-issue/m-p/605052#M56648 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I changed my app's default API from 4.8 to 4.9 and am getting a CORS error when loading our layers in development mode (localhost).</P><P></P><P>Our webserver is CORS enabled, and it used to work fine in 4.8. I am aware of the changes made in 4.9 regarding cors:</P><P></P><P>I am getting a 401 unauthorized error, and when adding the domain to&nbsp;esriConfig.request.trustedServers (we are using web authentication), I am getting the following error :</P><P><SPAN>The 'Access-Control-Allow-Origin' header contains multiple values '</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=http%3A%2F%2Flocalhost%3A8080" rel="nofollow" target="_blank">http://localhost:8080</A><SPAN>, *', but only one is allowed. Origin '</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=http%3A%2F%2Flocalhost%3A8080" rel="nofollow" target="_blank">http://localhost:8080</A><SPAN>' is therefore not allowed access.</SPAN></P><P></P><P>Now I disabled&nbsp;<SPAN style="background-color: #ffffff;">web security in a Chrome window, and that works fine there. It's a good enough work around, but I was wondering if there was a way to make it work in "normal" mode.</SPAN></P><P></P><P><SPAN style="background-color: #ffffff;">Thanks,</SPAN></P></BODY></HTML> Tue, 09 Oct 2018 12:30:49 GMT MatthieuThery1 2018-10-09T12:30:49Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/cors-and-api-4-9-issue/m-p/605052#M56648 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I changed my app's default API from 4.8 to 4.9 and am getting a CORS error when loading our layers in development mode (localhost).</P><P></P><P>Our webserver is CORS enabled, and it used to work fine in 4.8. I am aware of the changes made in 4.9 regarding cors:</P><P></P><P>I am getting a 401 unauthorized error, and when adding the domain to&nbsp;esriConfig.request.trustedServers (we are using web authentication), I am getting the following error :</P><P><SPAN>The 'Access-Control-Allow-Origin' header contains multiple values '</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=http%3A%2F%2Flocalhost%3A8080" rel="nofollow" target="_blank">http://localhost:8080</A><SPAN>, *', but only one is allowed. Origin '</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=http%3A%2F%2Flocalhost%3A8080" rel="nofollow" target="_blank">http://localhost:8080</A><SPAN>' is therefore not allowed access.</SPAN></P><P></P><P>Now I disabled&nbsp;<SPAN style="background-color: #ffffff;">web security in a Chrome window, and that works fine there. It's a good enough work around, but I was wondering if there was a way to make it work in "normal" mode.</SPAN></P><P></P><P><SPAN style="background-color: #ffffff;">Thanks,</SPAN></P></BODY></HTML> Tue, 09 Oct 2018 12:30:49 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/cors-and-api-4-9-issue/m-p/605052#M56648 MatthieuThery1 2018-10-09T12:30:49Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/cors-and-api-4-9-issue/m-p/605053#M56649 <HTML><HEAD></HEAD><BODY><P>Matthieu,</P><P></P><P>&nbsp; &nbsp;The best way to avoid this is to never use localhost (even in development). I never use localhost I always use the machine name of my development machine.</P></BODY></HTML> Tue, 09 Oct 2018 12:45:40 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/cors-and-api-4-9-issue/m-p/605053#M56649 RobertScheitlin__GISP 2018-10-09T12:45:40Z