AnsweredAssumed Answered

PROXY and CORS (Control-Allow-Origin)

Question asked by tobe81cwb on Apr 28, 2016
Latest reply on Apr 2, 2019 by epuriarun



I'm having problems to set the proxy for my application!


My current setup:

- ArcGIS Server 10.4 on 'server.virtual.private' or ''

- Proxy .NET running with IIS 8.5 on 'server.virtual.private' (same machine than ArcGIS Server 10.4)

- Application with Javascript API 3.16 on 'host-vm' or '' (with


Installed the proxy from GitHub

Put the .NET version on a inetpub\wwwroot subfolder, created a app, etc...


Then, I tested the proxy (according with the


"Test that the proxy is installed and available":


Got a valid response:

{ "Proxy Version": "1.1.0", "Configuration File": "OK", "Log File": "Not Exist/Readable"}


"Test that the proxy is able to forward requests directly in the browser using":


Got a valid response:

   "supportedQueryFormats":"JSON, AMF",



So, the proxy appear to be OK!


Then, I edited the proxy.config file, with this content (this is for test development):

<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*" mustMatch="false">
      <serverUrl url="http://server.virtual.private" matchAll="true" username="siteadmin" password="secret" />



Then, according with, and document on Using the proxy | Guide | ArcGIS API for JavaScript I must put the URL of the proxy on my javascript application.

I put the following lines on top of main file of application: = 'http://server.virtual.private/DotNet/proxy.ashx'; = false;


Tested my application and got a 500 response when asked for a Feature Layer.

"XMLHttpRequest cannot load http://server.virtual.private/DotNetProxy/proxy.ashx?http://server.virtual.private/arcgis/rest/services/teste/TEST_SERVICE/FeatureServer?f=json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested source. Origin '' is therefore not allowed access.".


So, I got a CORS! but according with the documentation on Using the proxy | Guide | ArcGIS API for JavaScript:

"ArcGIS Server 10.1 supports CORS out of the box."

OK, I have some problems now!!


In same documentation:

"For earlier versions, an administrator can add CORS support. Visit for detailed instructions"


Let's try anyway!

Modified the web.config file on proxy application on IIS (from lines 07 to 15).

<?xml version="1.0"?>
    <compilation debug="false" targetFramework="4.0"/>

        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="*" />
        <add name="Access-Control-Allow-Methods" value="*" />

      <add name="TraceLevelSwitch" value="Info" />
    <trace autoflush="true" indentsize="4">
        <add name="agsProxyLogListener" type="System.Diagnostics.TextWriterTraceListener"
             initializeData="C:\Temp\Shared\proxy_logs\auth_proxy.log" />
        <remove name="Default" />


Now, I get a new error!

"XMLHttpRequest  cannot load http://server.virtual.private/DotNetProxy/proxy.ashx?http://server.virtual.private/arcgis/rest/services/teste/TEST_SERVICE/FeatureServer?f=json. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.".


So, what's the correct way to configure the proxy? Because I do everything that was on documents, and got errors.