Hi All, i want to hide the token passed as a query parameter in every map request. The Web App Builder application is querying arcgis portal for resources passing the token every time. I need to hide this token from the query parameter. I found that ESRi has suggested to send the token in the X-ESRI-Authorization header instead of as query parameter in the below link
[Access ArcGIS token-secured web services—ArcGIS Server Administration (Windows) | Documentation for Ar...](https://enterprise.arcgis.com/en/server/latest/administer/windows/accessing-arcgis-token-secured-web...)
Kindly let me know how to configure the JavaScript application to send the token in the X-ESRI-Authorization header instead of as query parameter.
Thanks
Hari
Solved! Go to Solution.
Hi,
Try to modify the code to include the token in the header.
for example, OAuth2 or ArcGIS token authentication, here the exmaple javascript
esriRequest(url, {
query: {
// Set any query parameters here
},
headers: {
"X-ESRI-Authorization": "Bearer " + token
}
}).then(function(response) {
// Handle the response here
}).catch(function(error) {
// Handle any errors here
});
You need to replace url with the URL of the resource you want to access, and token with the token you retrieved.
Hi @Omar_A
I'm trying to send a request from AGOL map viewer to geoserver to bring in a WMS. My logged-in AGOL user is federated using Okta and Geoserver is also federated with the same Okta IdP instance. Is there anyway that I can send the bearer/token with the WMS request header so Geoserver can recognise it and doesn't ask for username and pass?
Hi,
Try to modify the code to include the token in the header.
for example, OAuth2 or ArcGIS token authentication, here the exmaple javascript
esriRequest(url, {
query: {
// Set any query parameters here
},
headers: {
"X-ESRI-Authorization": "Bearer " + token
}
}).then(function(response) {
// Handle the response here
}).catch(function(error) {
// Handle any errors here
});
You need to replace url with the URL of the resource you want to access, and token with the token you retrieved.
Hi @Omar_A
I'm trying to send a request from AGOL map viewer to geoserver to bring in a WMS. My logged-in AGOL user is federated using Okta and Geoserver is also federated with the same Okta IdP instance. Is there anyway that I can send the bearer/token with the WMS request header so Geoserver can recognise it and doesn't ask for username and pass?
Hi,
I am Alex. I am not an expert in this but is it possible to do it with interceptors (previously with a token) with something like this:
esriConfig.request.interceptors.push({
// interceptar todas las solicitudes
urls: ["https://services5.arcgis.com/"],
before: function(params) {
console.log("Interceptando solicitud:", params.url);
// Agregar un encabezado personalizado
params.requestOptions.query = params.requestOptions.query || {};
params.requestOptions.query.token = token;
},
after: function(response) {
console.log("Interceptando respuesta:", response);
// Manejar la respuesta aquí si es necesario
return response;
},
error: function(error) {
console.error("Error en la solicitud:", error);
// Manejar errores aquí si es necesario
return Promise.reject(error);
}
});
It gives as an error:
Crossed origin request blocked. Same origin policy is not allowed in remote resources in https://services5.arcgis.com/xyzxyz/arcgis/rest/services/xyzxyzx/FeatureServer?f=json. (‘x-esri-authorization’ header not permited in header ‘Access-Control-Allow-Headers’ previous verification of CORS response).
Thank you,