Community
Select to view content in your preferred language

Cross Origin Resource Sourcing (CORS) with Safari 5.1.7

2511
5
05-16-2012 03:22 PM
by Anonymous User
Not applicable
‎05-16-2012 03:22 PM
Original User: sjones

Hi All

I have found an issue with the Javascript RIA Viewer when run against non-IE browsers (Safari 5.1.7). I don't think it is an ESRI thing because the same web viewer works fine with Internet Explorer 8 and Internet Explorer 9.

I have managed to narrow the issue down to CORS (Cross Origin Resource Sharing), which is supported by ESRI.
http://blogs.esri.com/esri/arcgis/2011/09/23/version-2-5-of-the-arcgis-api-for-javascript-released-t...

The workaround for flex and Silverlight RIA's  has been to ensure crossdomain.xml and clientaccesspolicy.xml exists in the www root of the server. This implementation does not work for the javascript viewer.

Tested Platforms
I have been testing on Windows Safari, a Mini Mac and an IPAD.

The Javascript Viewer handles the security with Internet explorer on the same windows machine.

Error Messaging returns the following.

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)

XMLHttpRequest cannot load http://vm-svr155/HBRC.EV.RESTServices/Config/Download/HBRC. Origin http://localhost is not allowed by Access-Control-Allow-Origin.

Further debugging from Fiddler show

This request did not send any cookie data.

I have set up my web.config to include the client access policies and the requests to include Access-Control-Allow-Origin to be �??*�?�.

Apple devices are becoming popular field devices and should really need to be supported.

You�??ll see the html request is formed differently between the internet explorer and non-IE version.

Internet Explorer 9 �?? All Good
Safari 5.17 �?? Fails with Windows, Mini Mac and iPad

(Attached are the request logs from Fiddler)

Susan
fiddlerSafari_Request.txt.zip
fiddlerIE_Request.txt.zip
0 Kudos
5 Replies
by Anonymous User
Not applicable
‎05-17-2012 03:17 PM
Original User: sjones

This is a real showstopper for the ESRI Javascript 2.5 api.
http://help.arcgis.com/en/webapi/javascript/arcgis/help/jssamples/exp_cors_edit_points.html

it seems ESRI Have tested Safari against secure (and unsecure services in this case).  but it still does not work.

have opened a call with local ESRI Support but heard nothing.
0 Kudos
derekswingley1
by
Deactivated User
‎05-17-2012 09:12 PM
Can you test with our CORS samples and confirm they work with Safari in your set up:
http://help.arcgis.com/en/webapi/javascript/arcgis/help/jssamples/exp_cors_buffer.html
http://help.arcgis.com/en/webapi/javascript/arcgis/help/jssamples/exp_cors_edit_points.html

I have a feeling it's a matter of getting your server configured correctly�?? support should be able to help with this. Please post back and let us know how this progresses.
0 Kudos
by Anonymous User
Not applicable
‎05-17-2012 09:24 PM
Original User: sjones

Hi Derek
Many thanks for getting back to me.
Please could you cast some suggestions what should be enabled between the server - both are configured for anaonymous and windows authentication.

The site works for IE 8 and 9 but fails with Safari 5.1.7 (I'd expect exactly the opposite).

There is lots of reports on the subject but very little to test against in Ajax.

Yes, the example with Arcgisonline works for me. I have it set up as a startup page in the same browser. I agree - it is something on ourproduction and development servers. Cannot pin point it.

It seems to be with the http request (nothing is returned)

HTTP/1.1 405 Method Not Allowed
Cache-Control: private
Allow: GET
Content-Length: 1565
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 18 May 2012 05:17:38 GMT


Thanks for taking an interest

Susan

Can you test with our CORS samples and confirm they work with Safari in your set up:
http://help.arcgis.com/en/webapi/javascript/arcgis/help/jssamples/exp_cors_buffer.html
http://help.arcgis.com/en/webapi/javascript/arcgis/help/jssamples/exp_cors_edit_points.html

I have a feeling it's a matter of getting your server configured correctly�?? support should be able to help with this. Please post back and let us know how this progresses.
0 Kudos
derekswingley1
by
Deactivated User
‎05-18-2012 05:20 AM
Can you elaborate on how you enabled CORS on your server? What specific things did you do?
0 Kudos
by Anonymous User
Not applicable
‎05-20-2012 06:21 PM
Original User: sjones

I have set CORS-related parameters as

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS, HEAD" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
0 Kudos