Community

No 'Access-Control-Allow-Origin' HELP!!

49411
22
Jump to solution
11-02-2017 09:32 AM
deleted-user-1_r2dgYuILKY
by
Occasional Contributor III
‎11-02-2017 09:32 AM

I've been dealing with this issue for a while. I have a geoprocessing tool on the ArcGIS server that generates a report from a map click. I get the CORS error when the server tries to return the report PDF to the popup in the map window. 

I've tried adding this to our webconfig file, and it doesn't help. 

<customHeaders>  
                    <add name="Access-Control-Allow-Origin" value="*" />  
                    <add name="Access-Control-Allow-Headers" value="*" />  
                    <add name="Access-Control-Allow-Methods" value="*" />  
               </customHeaders>‍‍‍‍‍‍‍‍‍‍

I tried adding this to my JavaScript code and it worked in once instance, but not another. 

esriConfig.defaults.io.corsEnabledServers.push("ourserver.com")

I've also tried removing these lines from the webconfig and adding "Access-Control-Allow-Origin, * " under HTTP response headers in our IIS web server manager and I get this error "The 'Access-Control-Allow-Origin' header contains multiple values 'null, *', but only one is allowed. Origin 'null' is therefore not allowed access."

I'm pulling my hair out trying figure this out. 

Tags (1)
22 Replies
AdrianMarsden
by
Occasional Contributor III
‎11-08-2019 07:56 AM

OK  - I'm getting this AGAIN -   EVERY. SINGLE. TIME  I move AGS servers I get this.  Every time I battle for days trying to sort it.  I am fed up with it.  i hate it.  This thread may have an answer, but not on a Friday afternoon

0 Kudos
NickSwartz
by
New Contributor II
‎10-07-2020 04:06 PM

Not sure if this is helpful, but I was getting a similar error recently and solved it with esri.config in the javascript. 

require(["esri/config], function(esriConfig){

esriConfig.defaults.io.corsDetection = false

...

0 Kudos
MarielaDel_Rio1
by
New Contributor
‎12-29-2021 10:58 AM

I have been experiencing a similar issue. When In AGOL, I try to add a secure Map service we have on prem as follows: Connect to AGOL - > My content -> Add Item -> URL, and use the button to allow to save credentials.

Next screen, when one puts the username and password, it always says invalid, and the error is 

"Access to XMLHttpRequest at 'https://utility.arcgis.com/usrsvcs/servers/82d7eb20463f4ccba5064f27edf892cf/rest/services/Zoning/SEO...' from origin 'https://miamigis.maps.arcgis.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."

I noticed there is no Access-Control-Allow-Origin header, but when I add it in IIS (set to *', the error changes to indicate it has multiple values

 The 'Access-Control-Allow-Origin' header contains multiple values  'https://miamigis.maps.arcgis.com, *;', but only one is allowed.

Note: This starts to happen when we when we tighten the script-src directive to the Content Security Headers from '*' to individual URLs. The problem is that the urls from the error are added, but some URL may be around that we do not see.

Ideas?

0 Kudos