I'm developing an Experience Builder solution on my laptop, using development tools. As such, this launches from https://localhost:3001 on my laptop.
In this, a widget launches some Javascript which will call a Python script on my ArcGIS Enterprise server, which is obviously on a different machine.
When run, I get the following error in the console:
Access to fetch at 'TOOL_URL_WITH_PARAMS' (redirected from 'TOOL_URL_WITH_PARAMS') from origin 'https://localhost:3001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Now, I've tried a few things. I've added https://localhost:3001 to the Portal (settings > security > allow origins). I've also added https://localhost:3001 to the Services Directory (ArcGIS Server Administrator Directory > system > handlers > rest > servicesdirectory > AllowedOrigins) which now reads as "*, https://localhost:3001".
These still result in "no 'Access-Control-Allow-Origin' header.
HOWEVER - if I go into IIS and add it (Access-Control-Allow-Origin, https://localhost:3001) to the default site, Experience Builder immediately reports:
Access to fetch at 'https://MYPORTAL/portal/sharing/rest//oauth2/platformSelf?f=json' from origin 'https://localhost:3001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://localhost:3001, https://localhost:3001', but only one is allowed. Have the server send the header with a valid value.
So that's obviously changing something, but I fear this is getting myself tangled in knots. I've tried keeping the one in IIS and getting rid of the ones in Portal and the Services Directory, but still get the same issue (multiple values), and if I get rid of the one in IIS (but keep the rest) then it can't find a header.
Does anyone have any idea what I may be missing in my configuration? And also, as I'm operating on a laptop (and not the server), would the server still be seeing my requests as coming from https://localhost:3001?
