My organization is currently exploring ArcGIS Hub. We have a number of AGS map services which we are trying to view through Hub. We are getting this error in the Data tab:
I have determined that this is a direct result of a browser CORS error (multiple 'Access-Control-Allow-Origin' headers). Here is the error (Urls are not real):
"Failed to load https://org.com/arcgis/rest/info?f=json: The 'Access-Control-Allow-Origin' header contains multiple values 'https://opendata-org.opendata.arcgis.com, *', but only one is allowed. Origin 'https://opendata-org.opendata.arcgis.com' is therefore not allowed access."
When I strip the extra header using a Fiddler script, the problem goes away. I have encountered this error before using the JavaScript API and usually it has no impact. It seems that Hub requires the results of the 'https://org.com/arcgis/rest/info?f=json' query to function properly. Is there a way to add trusted servers to the Hub site configuration to avoid CORS errors?
Solved! Go to Solution.
We got this one sorted out. Somewhere on the web server there was a Web.config file that was adding the "*". I couldn't see it due to our corporate policies but the relevant portion of the configuration file would look something like this:
<system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> </customHeaders> </httpProtocol> </system.webServer>
Check your web server configuration to see where this header is being added.
Sorry, don't have an answer, but we're getting the same error with AGO layers. This only recently started up though.
We got this one sorted out. Somewhere on the web server there was a Web.config file that was adding the "*". I couldn't see it due to our corporate policies but the relevant portion of the configuration file would look something like this:
<system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> </customHeaders> </httpProtocol> </system.webServer>
Check your web server configuration to see where this header is being added.