Running 10.5.1 Portal and trying to connect to Survey123 Website. I can see statistics on my surveys, I can download the data from my surveys, but I cannot see the data on the Data tab or use the report writer.
Error Message:
Failed to load https:/XXX.com/portal/sharing/generateToken?request=getToken&serverUrl=https%3A%2F%2Fcomet.pennichuc...: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://survey123.arcgis.com' is therefore not allowed access. The response had HTTP status code 401.
init.js:89 f {message: "Unable to load https://xxx.com/portal…Q..&referer=survey123.arcgis.com&f=json status: 0", response: {…}, status: 0, responseText: "", xhr: XMLHttpRequest, …}
Hi Bryson,
It's a little hard to see with the way the URL auto-shortening has altered the URLs, but the 'Access-Control-Origin' indicates that your portal is not setup properly for cross-domain access, which is needed in the case of Survey123's website to connect to portal. https://enable-cors.org provides information on what is required, why, and how to implement.
I'm also using Portal for ArcGIS 10.5.1 with Survey123, version 3.0 and getting a similar issue. My survey publishes OK, and I'm able to view it in my Survey123 app, but the CORS error occurs when I attempt to run the survey in a browser, whether that be IE, Firefox or Chrome: the same error occurs. I've tried adding the following to my Default web site on the Portal server. I've also tried adding them to the web adaptor only:
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
This makes no difference and same error occurs. Here's the error message in my browser's console:
SEC7120 Origin https://survey123.arcgis.com not found in Access-Control-Allow-Origin header.
I've even tried this:
<add name="Access-Control-Allow-Origin" value=https://survey123.arcgis.com />
I've also tried with just Access-Control-Allow-Origin, without the Access-Control-Allow-Headers or Access-Control-Allow-Methods, but it made no difference.