Community
Select to view content in your preferred language

https://localhost:3001 no longer supported with ArcGIS Online

7346
12
12-03-2021 10:41 AM
PeterKnoop
by MVP Regular Contributor
MVP Regular Contributor
‎12-03-2021 10:41 AM

It seems that ArcGIS Online no longer permits you to use "localhost" as an Allowed Origin for CORS. So you cannot set https://localhost:3001 as an Allowed Origin, as required by Experience Builder.

The instructions in ArcGIS Experience Builder install, therefore, no longer work. When you get to Step #8 under "Create Client ID using ArcGIS Online or ArcGIS Enterprise", you cannot get past the error message, "Your application domain is not allowed via Cross-Origin Resource Sharing (CORS)..."

PeterKnoop_0-1638556430205.png

Instead of localhost, one has to set the fully-qualified domain name of their computer (e.g., http://mycomputer.mydomain:3001) as an Allowed Origin on your ArcGIS Online instance, and use it in place of https://localhost:3001 everywhere in the Experience Builder instructions.

Do the instructions need updating, or is there an easy way around this that I am missing?

 

 

 

12 Replies
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎12-03-2021 12:24 PM

@PeterKnoop 

I personally never use localhost as a url in any development. You can ignore the .mydomain portion most likely (depending on a couple of factors, like is it required for you ssl certificate when using https). Just use your windows device name in place of localhost. If you are not sure what that is. In Windows 10 search for "This PC" right click and choose properties and it is listed as Device name.

0 Kudos
PeterKnoop
by MVP Regular Contributor
MVP Regular Contributor
‎12-03-2021 12:34 PM

@RobertScheitlin__GISP The problem is that ArcGIS Online now expects a domain name for Allowed Origins: "Valid servers must at minimum consist of a domain name. They may also include a protocol (http:// or https://) if you wish to target a specific protocol. Valid servers may also include the port if needed. Servers must also conform to standard naming conventions for domain names." So a Device name will not work either.

0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎12-03-2021 01:12 PM

@PeterKnoop 

Sorry I have to disagree. I have EB working just fine using my device name in the redirect on AGOL.

0 Kudos
PeterKnoop
by MVP Regular Contributor
MVP Regular Contributor
‎12-03-2021 01:20 PM

@RobertScheitlin__GISP Interesting... did you perhaps configure your setup awhile ago?

The current version of ArcGIS Online (9.3) no longer allows you to enter an Allowed Origin that only consists of a device name. It has to be a domain name or a fully-qualified machine name.

We did have localhost as an Allowed Origin in the past, when it was permitted by ArcGIS Online. It remained in our Allowed Origins list, even after ArcGIS Online changed the rules on what was allowed. After removing it from the list of Allowed Origins, however, the current version of ArcGIS Online no longer allows one to add it back.

0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎12-03-2021 01:30 PM

@PeterKnoop,

Strange. based on what you said I just tried to do the 

"Create Client ID using ArcGIS Online" steps from the EB install-guide and it still worked using https protocol and my machine name and port 3001...

Are you choosing "Other Application" as the application type when adding the new item in AGOL?

0 Kudos
PeterKnoop
by MVP Regular Contributor
MVP Regular Contributor
‎12-04-2021 07:17 AM

@RobertScheitlin__GISP I think you may be looking at something different than what I am referring to?

Are you referring to the specifying the application's Redirect URI, in step #6 of the documentation for Create Client ID using ArcGIS Online or ArcGIS Enterprise? There are no validation rules on that field that prevent you from using localhost or your device name.

What you register as an app's Redirect URI, however, also has to be covered by an Allowed Origin on your ArcGIS Online instance. Otherwise, you will get the CORS error I noted above, in step #8, when you start the Experience Builder server on your local machine.

It is the Allowed Origin setting that is the issue. In ArcGIS Online, under Organization --> Settings --> Security --> Allowed origins, you can no longer add a domain that is just a machine name or localhost, such as what the documentation for Experience Builder suggests using, https://localhost:3001.

0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎12-06-2021 05:27 AM

@PeterKnoop 

What you register as an app's Redirect URI, however, also has to be covered by an Allowed Origin on your ArcGIS Online instance. Otherwise, you will get the CORS error I noted above, in step #8, when you start the Experience Builder server on your local machine.

I have never messed with the Allowed Origins setting in AGOL and I have been using EB Developer since the beginning and even have EB deployed to my web server without issue.

0 Kudos
PeterKnoop
by MVP Regular Contributor
MVP Regular Contributor
‎12-07-2021 05:48 AM

Thanks @RobertScheitlin__GISP . If you are not specifying any Allowed Origins for your ArcGIS Online instance, then it will accept CORS requests from any domain. Our local security guidelines, however, require us to use ArcGIS Online's Allowed Origins settings to lock-down CORS to only permitted domains. So now that localhost is no longer supported as option by ArcGIS Online, it would seem that adding a note to the instructions would hopefully help others running into this issue.

awgeezrick
by
Regular Contributor
‎05-24-2023 07:49 AM

Hi Peter,

How did you get past this limitation? I am have had a heck of a time getting Experience Builder Developer edition up an running on my workstation. Now that it is running, I can't import anything. WHen I check DevTools on the error it's all about CORS issues relating to the https://localhost:3001 asking for content from Portal. 

Any guidance would be greatly appreciated.

Mark

0 Kudos