Hi Peoples,
We are getting reports from our users of an error message: 498 Invalid Token (Esri)
Returned by ArcGIS for Server. Code 498 indicates an expired or otherwise invalid token.
It is only occurring in Chrome. Same user, same machine, different browser - works fine.
We appear to have narrowed it down to Chrome 85 update, which was released 14 days ago and coincided with when reports started. If a user reports the error, and installs Chrome 80, the problem goes away. They upgrade to Chrome 85, problem starts again.
What is weird is two people can be sitting next to each other in the office, works for one, not the other. Same OS and windows patches, same release of Chrome 85. Person not working logs onto computer that is working, works fine.
Is anyone else seeing issues with the Chrome 85 release and Esri tokens?
Cheers,
Mark
Hi Mark,
Could you try clearing cookies on the affected browser?
Hi Eduard,
Tried clearing out cookies and caches and everything else. Same result .
Cheers,
Mark
Hi Peoples,
Chrome plans to gradually enable strict-origin-when-cross-origin
as the default policy in 85; this may impact use cases relying on the referrer value from another origin
A new default Referrer-Policy for Chrome: strict-origin-when-cross-origin
This appears to be the the cause of the problem.
To get around the issue one can:
Cheers,
Mark
Hi,
Is there or will be long term solution to this. Disabling the flag works but this can't be a long term solution for regular customers.
If not what are the recommendations from ESRI of how to implement token authentication from different apps.
Regards,
Dushko
We had our developers review the code and put in a fix. We have a complex, custom built app.
Hi,
If anybody else have the same problem, i solved it by putting this meta tag in head of index.html
Now it works on Chrome.
Regards,
Dushko
Hi, thanks for the tip, In which index.html file did you place your tag ? There's a lot in the web appbuilder tree ...
We are experiencing a huge amount of these errors in our 10.8.1. Chrome is becoming a real pita with those security ever increasing implementations. Almost every new release breaks something in Enterprise platform.
Security is no compromise, I agree, but it makes us loose way too many times to fix the issues, imho
Pierre