So I have a .net core app which currently throws an error in console saying:
Access to XMLHttpRequest at 'https://app.test.mk/arcgis/rest/services/karpos/Karpos_Vector_Izvodi/MapServer?f=json&dpi=96&transpa...' from origin 'https://localhost:44348' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://localhost:44348, *', but only one is allowed.
and this is what my Startup file looks like:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddDefaultPolicy(builder =>
{
builder
.WithOrigins("https://localhost:44348/", "https://app.gdi.mk/arcgis/rest/info?f=json",
"Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
services.AddControllersWithViews();
services.AddRazorPages().AddNewtonsoftJson();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
}
and this is at the top of my View, in a script tag.
require(["esri/config"], function (esriConfig) {
esriConfig.defaults.io.corsEnabledServers.push("http://app.test.mk");
esriConfig.defaults.io.corsEnabledServers.push("https://localhost:44348/");
// esriConfig.defaults.io.corsEnabledServers.push("http://app.test.mk/arcgis/rest/services/karpos/Karpos_Vector_Izvodi/MapServer");
// esriConfig.defaults.io.corsEnabledServers.push("https://app.test.mk/arcgis/rest/services/karpos/Karpos_Vector_Izvodi/MapServer?f=json&dpi=96&transparent=true&format=png8");
});
Anyone has any idea what the problem could be? I've been trying things for two days and the app keeps throwing the same error.
I actually figured out my issue, so I'll be posting here and maybe it'll help someone out in the future.
The issue with the CORS policy was that I was doing an $.ajax call and not specifying that the datatype is in JSON format. The browser doesn't like that, so the lack of datatype is considered a security risk by the browser and it blocks it. I did lose quite a bit of time to solve this but at least it's resolved.