PROXY and CORS (Control-Allow-Origin)

13339
8
Jump to solution
04-28-2016 05:30 AM
RobertoOliveira
New Contributor III

Hi,

I'm having problems to set the proxy for my application!

My current setup:

- ArcGIS Server 10.4 on 'server.virtual.private' or '192.168.210.100'

- Proxy .NET running with IIS 8.5 on 'server.virtual.private' (same machine than ArcGIS Server 10.4)

- Application with Javascript API 3.16 on 'host-vm' or '192.168.210.1' (with browsersync.io)

Installed the proxy from GitHub

Put the .NET version on a inetpub\wwwroot subfolder, created a app, etc...

Then, I tested the proxy (according with the README.md):

"Test that the proxy is installed and available":

http://server.virtual.private/DotNet/proxy.ashx?ping!

Got a valid response:

{ "Proxy Version": "1.1.0", "Configuration File": "OK", "Log File": "Not Exist/Readable"}

"Test that the proxy is able to forward requests directly in the browser using":

http://server.virtual.private/esri_proxy/proxy.ashx?http://server.virtual.private/arcgis/rest/servic...

Got a valid response:

{
   "currentVersion":10.4,
   "serviceDescription":"TEST_SERVICE",
   "hasVersionedData":false,
   "supportsDisconnectedEditing":false,
   "syncEnabled":false,
   "supportedQueryFormats":"JSON, AMF",
   "maxRecordCount":1000,
   "capabilities":"Create,Delete,Query,Update,Uploads,Editing",
   "description":"",
   "copyrightText":"",
   "spatialReference":{
      "wkid":102100,
      "latestWkid":3857
   },
   "initialExtent":{
      "xmin":-5373925.95008382,
      "ymin":-1779327.897638279,
      "xmax":-5367538.895643042,
      "ymax":-1776174.0579972658,
      "spatialReference":{
         "wkid":102100,
         "latestWkid":3857
      }
   },
   "fullExtent":{
      "xmin":-5371483.1645,
      "ymin":-1779695.3658000007,
      "xmax":-5368931.5394,
      "ymax":-1776737.2322000004,
      "spatialReference":{
         "wkid":102100,
         "latestWkid":3857
      }
   },
   "allowGeometryUpdates":true,
   "supportsApplyEditsWithGlobalIds":false,
   "units":"esriMeters",
   "documentInfo":{
      "Title":"",
      "Author":"",
      "Comments":"",
      "Subject":"",
      "Category":"",
      "Keywords":"TEST_SERVICE"
   },
   "layers":[
      {
         "id":0,
         "name":"TEST_SERVICE"
      }
   ],
   "tables":[

   ],
   "enableZDefaults":false
}

So, the proxy appear to be OK!

Then, I edited the proxy.config file, with this content (this is for test development):

<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*" mustMatch="false">
  <serverUrls>
      <serverUrl url="http://server.virtual.private" matchAll="true" username="siteadmin" password="secret" />
  </serverUrls>
</ProxyConfig>

Then, according with README.md​, and document on Using the proxy | Guide | ArcGIS API for JavaScript I must put the URL of the proxy on my javascript application.

I put the following lines on top of main file of application:

esriConfig.defaults.io.proxyUrl = 'http://server.virtual.private/DotNet/proxy.ashx';
esriConfig.defaults.io.alwaysUseProxy = false;

Tested my application and got a 500 response when asked for a Feature Layer.

"XMLHttpRequest cannot load http://server.virtual.private/DotNetProxy/proxy.ashx?http://server.virtual.private/arcgis/rest/servi.... Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested source. Origin 'http://192.168.210.1:8080' is therefore not allowed access.".

So, I got a CORS! but according with the documentation on Using the proxy | Guide | ArcGIS API for JavaScript​:

"ArcGIS Server 10.1 supports CORS out of the box."

OK, I have some problems now!!

In same documentation:

"For earlier versions, an administrator can add CORS support. Visit enable-cors.org for detailed instructions"

Let's try anyway!

Modified the web.config file on proxy application on IIS (from lines 07 to 15).

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.0"/>
  </system.web>

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="*" />
        <add name="Access-Control-Allow-Methods" value="*" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

  <system.diagnostics>
    <switches>
      <add name="TraceLevelSwitch" value="Info" />
    </switches>
    <trace autoflush="true" indentsize="4">
      <listeners>
        <add name="agsProxyLogListener" type="System.Diagnostics.TextWriterTraceListener"
             initializeData="C:\Temp\Shared\proxy_logs\auth_proxy.log" />
        <remove name="Default" />
      </listeners>
    </trace>
  </system.diagnostics>
</configuration>

Now, I get a new error!

"XMLHttpRequest  cannot load http://server.virtual.private/DotNetProxy/proxy.ashx?http://server.virtual.private/arcgis/rest/servi.... Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.".

So, what's the correct way to configure the proxy? Because I do everything that was on documents, and got errors.

1 Solution

Accepted Solutions
RobertoOliveira
New Contributor III

This seens be a bit stranger, but I have changed the web.config to original version (the same on github) and included the following line in my code:

esriConfig.defaults.io.corsEnabledServers.push('server.virtual.private');

Everything worked without the changes on web.config!

Then, I removed the line corsEnabledServer, and code was still working!

The problem was resolved, but I really do not know how!

Edit: the "error" occur again! instead of modify all the web.config file again, the esriConfig.defaults.io.corsEnabledServer.push function resolved the problem this time!

This function was not on main documentation about CORS. I found this function looking at the API Reference, and on some sample codes.

View solution in original post

8 Replies
RobertoOliveira
New Contributor III

I "resolved" the problem, with the following content on Web.config file of DotNet Proxy (lines 07 to 15 from previous version):

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Headers" value="Authorization, Origin, X-Requested-With, Content-Type, Accept, User-Agent" />
      <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    </customHeaders>
  </httpProtocol>
  </system.webServer>

But this don't seems to be the correct method! In any part of documentations of DotNet Proxy, Javascript API or Server REST API have any information that I must modify the Web.config file for this version.

Any ideas?

DanMcCoy
Occasional Contributor III
0 Kudos
arunepuri1
New Contributor III

The solutions worked for me with esriRequest

Done the below changes in dotnet proxy => web.config

<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://localhost:44332" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Headers" value="Authorization, Origin, X-Requested-With, Content-Type, Accept, User-Agent" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>

Added the below code in widget.js

esri.config.defaults.io.proxyUrl = "https://hostservername.com/proxy/proxy.ashx";
esriConfig.defaults.io.alwaysUseProxy = false;
esri.config.defaults.io.corsEnabledServers.push("servicehostname.com"); 

var requestHandle = esriRequest({
url: URL,
handleAs: "json",
headers: { "Accept": "application/json" },
timeout: 10000
}, { useProxy: true, usePost: false, disableIdentityLookup: true });

requestHandle.then(lang.hitch(this, function (results, io) {

console.log(results);

}

0 Kudos
RobertoOliveira
New Contributor III

This seens be a bit stranger, but I have changed the web.config to original version (the same on github) and included the following line in my code:

esriConfig.defaults.io.corsEnabledServers.push('server.virtual.private');

Everything worked without the changes on web.config!

Then, I removed the line corsEnabledServer, and code was still working!

The problem was resolved, but I really do not know how!

Edit: the "error" occur again! instead of modify all the web.config file again, the esriConfig.defaults.io.corsEnabledServer.push function resolved the problem this time!

This function was not on main documentation about CORS. I found this function looking at the API Reference, and on some sample codes.

BrianO_keefe
Occasional Contributor III

Where did this line of code GO...? In the web.config? In the Web App Builder? I'm lost...

0 Kudos
RobertScheitlin__GISP
MVP Emeritus

Brain,

   You are looking in the JS API space so the answer provided was a line of code to be added to the JS API custom apps code.

BrianO_keefe
Occasional Contributor III

Ahhhh... I'm having a similar issue and hitting dead ends... thanks man.

0 Kudos
RobertScheitlin__GISP
MVP Emeritus

Brain,

   For WAB look here:

Work with web-tier authentication—Web AppBuilder for ArcGIS (Developer Edition) | ArcGIS for Develop... 

In the main config.json there is a "authorizedCrossOriginDomains": [],