The internet is full of questions about CORS, and this is definitely another one of them. Here's (what I think is fairly standard) situation, and the problem I'm facing.
CORS is set up and working properly in my web application, and on the external ArcGIS servers which provide the basemaps and data it uses. However, there's an issue which plagues developers and testers:
If I'm developing/testing on devserver.com and my browser makes a CORS request out to basemaps.com, everything works fine. If I then go to prodserver.com in another browser tab and bring up the application, a CORS request is sent out and denied with the "Access to XMLHttpRequest at 'basemaps.com/arcgis...' from origin 'https://devserver.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://prodserver.com' that is not equal to the supplied origin.
If anyone has any insight into a possible solution for this problem, it would be greatly appreciated! This is my white whale.
I've got the same problem but not on dev/prod servers. We've got situation with ArcGIS Enterprise 10.6.1 and WebAdaptors on Tomcat when on first server is deployed app and on second server is another app. These apps have same layer (service from the same ArcGIS Server). When I try to get map from fist app, there's no problem, when I get request from second app, app gets CORS error.
Can you provide the exact error you are getting? This is likely an issue with the HTTP headers of one of the servers. I would check to see if the headers are different between the two.
Also, is one app hosted on the same server as the service? That would eliminate any cross origin requests which might be why one is working.
I also have the same problem !
In one case, I have a page hosted on the GIS server and another on a server outside of GIS infrastructure. Below the steps to reproduce my problem :
Thanks for your feedback
I was able to reproduce the issue on my end with the following error:
Access to image at 'https://sig.nanterre.fr/ags/rest/services/Adresse_Voie/MapServer/export?bbox=631714.6775547416%2C6859217.652993829%2C651746.8509524217%2C6874474.61684109&bboxSR=102110&imageSR=102110&size=1183%2C901&dpi=96&format=png32&transparent=true&layers=show%3A-1&f=image' from origin 'https://www.nanterre.fr' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://sig.nanterre.fr' that is not equal to the supplied origin.
The issue seems to be the browser switching from the origin www.nanterre.fr to sig.nanterre.fr and then back. The easiest fix without digging too deep would be to change the Access-Control-Allow-Origin header from the origin https://www.nanterre.fr to *