I haven't been able to find anything online to indicate how esri/request should work via https. Should this work? I'm using js api v3.13.
require[( "esri/request", ... ], function(request, ...) { var printInfo = new request({ url: "https://my.server.url:6443/arcgis/rest/services/Geoprocess/ExportWebMap/GPServer/Export%20Web%20Map", //url: "http://my.server.url:6080/arcgis/rest/services/Geoprocess/ExportWebMap/GPServer/Export%20Web%20Map", content: {"f":"json"} }); printInfo.then( function(response){ console.log("Response: "); console.dir(response); }, function(error){ console.dir(error); });
When I use the https url to my print task the esri/request response object is null but when I use the http endpoint I get a response like I would expect. I never get an error via https, just a null response. Do I have to handle https differently?
I've tested this with print services on two internal (i.e. corporate intranet) servers and get the same result. Servers are at AGS v10.1. One server has a self-signed certificate (this is on Windows), the other has a certificate authorized by our CA (this is on Linux). I've tried this via proxy and directly (via CORS) and results are the same. I've tried accessing my application via https and http and results are the same.
Any tips or suggestions Kelly Hutchins?
Ryan,
I modified one of the Esri sandbox examples - ArcGIS API for JavaScript Sandbox - to use ssl:
ArcGIS API for JavaScript Sandbox
Line 27 - when changed to https, works well. Can you access the ssl link directly without issue?
Have you configured your ArcGIS Server instance to be accessed over both http and https? I think the admin console where you do this is at http://server:6080/arcgis/admin
if so, what happens when you go directly to the url for the print task?
Chris & Joel,
Thanks for your responses. Yes, the servers are configured to allow both HTTP and HTTPS. I can access the print task urls directly in my browser for both HTTP and HTTPS. The problem only occurs from within my app. If esri/request works by default with both protocols there must be another issue. I'm not getting any mixed content warnings or any other errors or warnings, the response object is simply empty over https.
I've added proxy rules for both http and https protocols but the problem persists.
I'm not sure exactly what's going on, because I have an app that uses esriRequest over SSL and it works ok. I do have two ideas though:
Assuming you have IE 11, you can go to the developer tools (F12), go to the network tab, and do a network trace. You can examine the requests and responses, and maybe compare what they look like when going directly versus going through esriRequest. Pretty much all the other browsers, such as Chrome also have this same capability, but I'm most familiar with IE.
Also, I don't access the ArcGIS Server directly (through ports 6080 and 6443) - I use the web adaptor for IIS instead. If you're able, try installing the web adaptor and then take the port numbers out of your urls. It's a long shot, but it may be that the different port numbers are causing your browser to think that you're making cross-domain requests.
Thanks Joel. I'm using Firefox with the Firebug plugin and when I examine the request & response, I see that there is no response via https. The request goes up to the service and there is no response.
I'll investigate installing the web adaptor. CORS is enabled on the server (request header shows Access-Control-Allow-Origin * ) so cross origin requests shouldn't be an issue, and I've tried going through the proxy too and the result is the same.
I've got another project to sort out so I think I'll just park this here for now.
Thanks,
Ryan
Things to check, as mentioned above
- links work when browsing directly
- server white-listed in proxy.config
I tend to write my urls without the protocol to match whatever protocol my page is using:
url: "//my.server.url:6443/arcgis/rest/services/Geoprocess/ExportWebMap/GPServer/Export%20Web%20Map", // or define(["dojo/_base/window"], function(win){ // ... url: win.global.location.protocol + "//my.server.url:6443/arcgis/rest/services/Geoprocess/ExportWebMap/GPServer/Export%20Web%20Map", //...
It may be a mixed-content problem: How to fix a website with blocked mixed content - Security | MDN
Hi Josh,
- links do work directly in the browser
- server (both https and http) urls are whitelisted in the proxy
Since we're not using the web adapter, the http urls differ from the https ones because of the port changes, so omitting the protocol can create invalid urls. For example, :6443 is the port for SSL so a url like http://my.server.url:6443 is not valid, just like https://my.server.url:6080 is not valid (port 6080 is for http). For this reason I include the protocols in my urls.
We're about to upgrade from 10.1 to 10.3 so I think I'll leave this alone and revisit with our new server. It will be an entirely new machine rather than an upgrade of the current one.
Thanks for your advice.
I stripped everything else out of my app and was able to get esri request to work via https. I think my problem was likely mixed active content blocking but it's hard to tell. We're using another api in conjuction with esri and i suspect it's something buried in there causing the problem. Thanks for your suggestions.
Ryan