How do I get "AllowedOrigins" to work?

10-20-2016 04:29 PM
Occasional Contributor III

Hi All, 

Maybe I'm hoping for something that's not possible but I thought that by setting this value to specific machine domains, it would prevent AGS from responsding to requests from other places.  Is that not the jist of it? 

I have:

  • AGS 10.3 server.
  • The Allowed origins property in the Admin site (Home>system>handlers>rest>servicesdirectory) is set to:
  • I've saved the operation and restarted the AGS service.  

I can still access the map services on this box from:

  • a basic JavaScript API map on localhost
  • from the map
  • from web browser just copy/pasting the url
  • from the web application on another server.  

I haven't found anything that's "blocked"

What should I expect from this property being set?

Am I missing another step? 

I'll following the steps here: Restricting cross-domain requests to ArcGIS Server—Documentation (10.3 and 10.3.1) | ArcGIS for Serv... 



Tags (2)
1 Reply
Occasional Contributor III

Hi - I have just noticed the same issue in 10.9.1 when trying to lock down a stand-alone ArcGIS Server with specific allowedorigins following this doc -

I've used our ArcGIS Online url (e.g. https://<orgname> in the AllowedOrigins, but found that I can access the services on this ArcGIS Server from a different AGOL organistion that doesn't match the AllowedOrigins.

Did you ever resolve this or does anyone else know how to get this working?



0 Kudos