https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/1048759#M72630 <P data-unlink="true">NOW I remember!&nbsp; It was a self-inflicted wound.&nbsp; For anyone else experiencing this, maybe you did what I did and this will help you too.&nbsp; On the recommendation of&nbsp; <A href="https://enterprise.arcgis.com/en/server/latest/administer/linux/restricting-cross-domain-requests-to-arcgis-server.htm" target="_blank" rel="noopener">ESRI on this page</A>, &nbsp;I removed the wild card from Allowed Origins on my servicesDirectory settings in ArcGISSerer Admin and replaced it with my two GIS app server URL - this means that only this server is allowed to send Javascript requests to ArcGIS Server on my GIS data server.&nbsp; It also means that the localhost machine (my development PC) cannot send javascript requests to ArcGIS server.&nbsp; Once I added <A href="https://localhost" target="_blank">https://localhost</A>&nbsp;to the Services Directory &gt; AllowedOrigins it started working again.</P> Mon, 19 Apr 2021 15:49:20 GMT PLadd 2021-04-19T15:49:20Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/249785#M23151 <HTML><HEAD></HEAD><BODY><P>I am working on my local machine with JSAPI in VS Code, and I'm getting&nbsp;the following <A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" rel="nofollow noopener noreferrer" target="_blank">CORS</A> related error thrown at me in Chrome Dev Tools:</P><P></P><PRE class="lia-code-sample line-numbers language-none"><CODE>Access to XMLHttpRequest at 'https//... my environment ..../MapServer?f=json' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.‍‍‍‍‍<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><P></P><P>I've read enough about CORS to understand&nbsp;its purpose, and that according to ESRI, ...</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>By default,&nbsp;<SPAN class="">ArcGIS Server</SPAN> allows cross-domain requests so Javascript clients can invoke the server's services from any domain.... (<A class="link-titled" href="http://enterprise.arcgis.com/en/server/latest/administer/linux/restricting-cross-domain-requests-to-arcgis-server.htm" title="http://enterprise.arcgis.com/en/server/latest/administer/linux/restricting-cross-domain-requests-to-arcgis-server.htm" rel="nofollow noopener noreferrer" target="_blank">Restrict cross-domain requests to ArcGIS Server—ArcGIS Server Administration (Linux) | ArcGIS Enterprise</A>)</P></BLOCKQUOTE><P>So I think no additional <A href="https://enable-cors.org/server_iis7.html" rel="nofollow noopener noreferrer" target="_blank">tweaks to the web server </A>are warranted. I've been able to&nbsp;"work around" this by developing in a directory that's on the same Dev/Test box where my&nbsp;map services are&nbsp;running on. This works great.&nbsp;Additionally,&nbsp;I've reviewed 'Allowed Origins' in ArcGIS Server Administrator to make it meets my needs.<BR /><BR /></P><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.esri.com/legacyfs/online/441149_servicesdirectory.png" /></P><P>Are there other adjustments I could make that would allow me to still do all my work locally and hit AGS map services without CORS issues? I get the sense from reading various threads online that a lot of folks new to working with JSAPI may be running into this. But I haven't found the <A _jive_internal="true" href="https://community.esri.com/community/developers/web-developers/arcgis-api-for-javascript/blog/2018/08/30/cors-and-the-arcgis-api-for-javascript-changes-coming-in-49" target="_blank">ESRI documentation</A> tremendously illuminating.</P></BODY></HTML> Sat, 11 Dec 2021 12:25:07 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/249785#M23151 Arne_Gelfert 2021-12-11T12:25:07Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/1048749#M72628 <P>Did you ever resolve this issue using localhost?&nbsp; I just ran into this issue this morning (4/19/21) out of the blue - yet it worked fine for the previous 17 years.&nbsp; &nbsp;I can run a development sample on the same server (or any server) but I can't run it through localhost:44300.&nbsp; And it's only the web page with the map services - all other pages load and work correctly.</P> Mon, 19 Apr 2021 15:32:27 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/1048749#M72628 PLadd 2021-04-19T15:32:27Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/1048759#M72630 <P data-unlink="true">NOW I remember!&nbsp; It was a self-inflicted wound.&nbsp; For anyone else experiencing this, maybe you did what I did and this will help you too.&nbsp; On the recommendation of&nbsp; <A href="https://enterprise.arcgis.com/en/server/latest/administer/linux/restricting-cross-domain-requests-to-arcgis-server.htm" target="_blank" rel="noopener">ESRI on this page</A>, &nbsp;I removed the wild card from Allowed Origins on my servicesDirectory settings in ArcGISSerer Admin and replaced it with my two GIS app server URL - this means that only this server is allowed to send Javascript requests to ArcGIS Server on my GIS data server.&nbsp; It also means that the localhost machine (my development PC) cannot send javascript requests to ArcGIS server.&nbsp; Once I added <A href="https://localhost" target="_blank">https://localhost</A>&nbsp;to the Services Directory &gt; AllowedOrigins it started working again.</P> Mon, 19 Apr 2021 15:49:20 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/how-to-fix-cors-issues-when-consuming-ags-map/m-p/1048759#M72630 PLadd 2021-04-19T15:49:20Z