Community
Select to view content in your preferred language

Large definition expression not using proxy page

982
3
11-08-2013 04:56 AM
DerrickMartin
by
Emerging Contributor
‎11-08-2013 04:56 AM
I'm trying to set a definition expression for a FeatureLayer, and from looking at the generated request, the size is over the 2048 character limit. Ok, no problem, setup a proxy. However, when I do setup the proxy, the request is still going directly to the map service and not going through the proxy page. In an attempt to see what is going on, I set the alwaysUseProxy to true to force it. Now, it is calling the proxy, but it's calling it via a GET request instead of a POST which causes IIS to return a 403 error with the following message "Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden.  This web site does not allow Urls which might include embedded HTML tags"
I'm guessing that if it was a POST it might work, but I can't seem to figure out why it's using GET instead, or why when I don't have the alwaysUseProxy set that it doesn't try to use the proxy when it should due to the large size of the query string. Any ideas?

Heres the section of my code where I set the proxy page:

require(['esri/config','esri/map','esri/dijit/BasemapGallery', 'esri/dijit/Basemap', 'esri/dijit/BasemapLayer','esri/layers/ArcGISTiledMapServiceLayer','esri/layers/FeatureLayer','esri/tasks/query','esri/tasks/QueryTask','esri/symbols/SimpleFillSymbol','esri/symbols/SimpleLineSymbol','esri/renderers/SimpleRenderer','esri/graphic','esri/lang','esri/graphicsUtils','dojo/_base/Color','dojo/number','dojo/dom-style','dijit/TooltipDialog','dijit/popup', 'dojo/parser', 'dojo/query','dijit/layout/BorderContainer','dijit/layout/ContentPane','dijit/TitlePane','dojo/domReady!'], function(esriConfig,Map,BasemapGallery, Basemap, BasemapLayer,ArcGISTiledMapServiceLayer,FeatureLayer,Query,QueryTask,SimpleFillSymbol,SimpleLineSymbol,SimpleRenderer,Graphic,esriLang,graphicsUtils,Color,number,domStyle,TooltipDialog,dijitPopup,parser,dojoQuery) {
  parser.parse();


  esriConfig.defaults.io.proxyUrl = 'proxy.ashx';


Here is the request that is generated:

http://arcgisserver/ArcGIS/rest/services/Boundaries/MapServer/5/query?f=json&where=CLLI%20IN%20(%27A...

As you can see, it's sending the request directly as a GET to the arcgisserver instead of POST to the proxy page.
0 Kudos
3 Replies
AndersWartiainen
by
Emerging Contributor
‎12-03-2013 01:24 AM
Did you ever figure out this one?
I am struggling with the same thing now.

Anders...
0 Kudos
EndreStokseth
by
Deactivated User
‎12-04-2013 01:45 AM
I looked at this together with Anders, this is what we found:

The where clause must be encoded before sending the request.
Often simple quotation marks (') are used in the where clause, and some browsers seems to encode simple quotation marks and others don't.

What probably happens is that the API encodes the where-clause, and it does not encode simple qutation marks. The API then checks if the total url length is more than 2000(?) characters, if so it uses POST instead of GET.

But in our case FireFox did also encode the simple qutation marks, resulting that the request url length was larger than 2000 characters and still using GET method. This resulted in response error.

Simple marks quotation (') is encoded as  %27
http://www.w3schools.com/tags/ref_urlencode.asp

Javascript function encodeURI() does not encode simple quotation marks.
0 Kudos
KyleEinspahr
by
Deactivated User
‎07-09-2014 02:17 PM

So, using your post as info, we did the following:

  1. Manually encoded the simple marks quotation in the setDefinitionExpression call.
  2. In the proxy.ashx
    1. Replaced "%2527" with a simple mark quotation '
      1. The api encoded the "%" character, production "%2527"
    2. We did this in the uri if it was a GET request
    3. We did this in the post body if it was a POST request
      1. You have to convert the post body to a string, do the replacement, and convert it back to a byte array.

This prevented the response error.

0 Kudos