Layer not displayed in chrome Cross-Origin Read Blocking (CORB)

3355
2
08-19-2019 12:58 PM
RobertLogan
New Contributor II

Layer not displayed in chrome

ArcGIS Enterprise 10.7.1 

Browser: only in Chrome

Chrome version:  Version 76.0.3809.100 (Official Build) (64-bit)

When viewing maps from the <portal> a rest/services json call to the <web adaptor> is blocked 

https://<portal>:7443/arcgis/home/webmap/viewer.html?useExisting=1&layers=<id>

Chrome devtools console displays the following error:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://<web adaptor>/arcgis/rest/services/<map>/MapServer/export?<params> with MIME type application/json

Because this request is blocked I don't easily see what the response header are.

I can see other rest calls returning data that include the following response headers:

https://<web adaptor>/arcgis/rest/services/<map>/MapServer?f=json

X-Content-Type-Options: nosniff, nosniff
Content-Type:  application/json;charset=UTF-8
2 Replies
ThomasJones1
Esri Contributor

Hello Robert,

Does Chrome trust the certificate being used by Portal and the Portal Web Adaptor? Just to confirm this is a CORB issue you may want disable CORB by starting Chrome via command line.

Example: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating

Thanks,

Thomas.

RobertLogan
New Contributor II

Hi Thomas,

Chrome doesn't trust either the portal nor the web adapter ssl certs:

This server could not prove that it is <web adapter> its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

What I've noticed is that if I haven't accepted the untrusted SSL cert from the web adaptor web site, then the portal call to the web adaptor API will fail.

    chrome -> portal -> FAILURE web adaptor api "net::ERR_CERT_COMMON_NAME_INVALID"

    chrome -> web adaptor -> chrome Proceed to <web adaptor> (unsafe)

    chrome -> portal -> SUCCESS web adaptor api

Also, the CORB issue has "disappeared" and been replaced with a "net::ERR_CERT_COMMON_NAME_INVALID" error in the javascript console.

I am actively working getting a properly signed SSL cert from my org, but in the mean time I wanted to share my SSL Cert whoas...

--Robert

0 Kudos