Select to view content in your preferred language

CORS Error loading webmap with Windows Auth that uses external Registered Layer

04-10-2023 12:46 PM
Occasional Contributor


My customer in this application has ArcGIS Enterprise Portal with Integrated Windows Authentication. I am trying to display for their users a Web Map using the Javascript API. My code is quite simple:






            esriId.getCredential(portalUrl + "/sharing").then(() => {
                const webmap = new WebMap({
                    portalItem: {
                        id: itemId,
                        portal: {
                            url: portalUrl

                const view = new MapView({
                    container: "viewDiv",
                    map: webmap







This code correctly displays the map and starts loading the various layers configured in the Web Map. Some of those layers are actually registered items pointing to a Feature service hosted on another site. And the item has been configured with stored credentials. The end user does not have their own credentials for the external site. For some of the layers this works fine, but for those hosted on ArcGIS Online, I'm seeing this error:

Failed to load The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.


I confirmed that the value for Access-Control-Allow-Origin is in fact *, which seems to usually be the case when loading data from ArcGIS Online. That's a problem here though, because with Integrated Windows Authentication, the portal requires credentials to be passed. For other requests, ie where the source URL is not AGOL,  it's actually returning my own site as the allowed origin, which works.


This may be an unusual configuration, but is there a way to make it work?


0 Kudos
0 Replies