I'm thinking in a circle here. If I have my application and proxy configuration deployed on appserver.com and my gis services on gisserver.com, when I edit my proxy.config file to tighten the security. then allowReferers would be to "gisserver.com" , wouldn't it?
Or am I telling the GIS server to only allows requests from the application server?
Solved! Go to Solution.
Tracy Schloss:
Or am I telling the GIS server to only allows requests from the application server?
I think this is correct. allowedReferers is who can make the request and serverUrls is where the request can go. So in this case I think you would want allowedReferers to be appserver.com and you would put gisserver.com in your serverUrls configuration. This way the proxy will only allow appserver.com to make requests to gisserver.com and nothing else.
In case you haven't seen this, I find this to be a decent resource for what some of the configurations are and how to set them up.
Tracy Schloss:
Or am I telling the GIS server to only allows requests from the application server?
I think this is correct. allowedReferers is who can make the request and serverUrls is where the request can go. So in this case I think you would want allowedReferers to be appserver.com and you would put gisserver.com in your serverUrls configuration. This way the proxy will only allow appserver.com to make requests to gisserver.com and nothing else.
In case you haven't seen this, I find this to be a decent resource for what some of the configurations are and how to set them up.
Thanks, we'll give it a try. I haven't needed a proxy page set up for very many things, and I'm surprised how few resources I've found for examples. I guess most people must be using the files from gitHub as-is, except for their serverUrls.
Are you using the proxy for custom printing?
Yea thats exactly right. Thats pretty much what we did the last time we used their proxy. I think all browsers now support CORS except for IE < 10 and most services now have the Access-Control-Allow-Origin header set to "*", so maybe in the near future we wont really need proxies except for very large GET requests, which proxies convert to POST so they can work.
We're obliged to support IE 9, at least until the end of the year.
No, to get past the cross domain issue.
So is your application on a web server that is not the same as your GIS server(s)?
Exactly. It's for another agency, so they'll host it on their server and point to services on our GIS server. Typically we host our own maps, but this is actually an application that has just a little bit of GIS to it, embedded within a .NET app. (I didn't know how possible that would be, but it turns out there's not much to it.).
Wow, this is a topic from long ago, but I still have something to add.
I needed this info, but it wasn't complete for me. I found out I need to add "/*" behind the appserver.com, so "appserver.com/*" for this to work, or even more specific "<servername>.appserver.com/*".
Thanks also to: https://github.com/Esri/resource-proxy/issues/282