AnsweredAssumed Answered

Esri client accesses invalid URLs when trying to render map

Question asked by alehmann on Jan 11, 2019
Latest reply on Jan 14, 2019 by alehmann

Yesterday we encountered the following problem on a customer's system: During loading of the map, the runtime makes calls to URLs that are not part of the Web Adaptor / ArcGIS Server. This leads to problems when access to invalid URLs is replied to with a 403 status code.

 

The setup is as follows:

The map service that's configured as endpoint for our app is like this:

https://arcgis.<customer>.com/<webadaptor>/rest/services/<app_service>/MapServer

During loading of the map, the runtime makes a call to

https://arcgis.<customer>.com/rest/info?f=json

Note the missing "<webadaptor>" part. Our customer's infrastructure is set up so that requests to invalid URLs (the URL without web adaptor is not mapped) result in a 403 response. Apparently the runtime then thinks that the user is not authorized to view the map and fails the load.

 

On our own internal system we were able to see the same pattern of requests with the difference that our system does not respond with a 403 on invalid urls but a 404 - which seems fine for the runtime as it then calls the correct url right afterwards.

 

Our app is a Xamarin.Forms app using the 100.3 release of the runtime.

 

Is this documented behaviour or a bug in the runtime? We might be able to convince our customer's IT in this case to either forward the /rest path to the web adaptor or change the response to a 404 but they are a bit "surprised" (to put it mildly) that our app is accessing paths it is not supposed to.

 

We would appreciate any guidance on this on how to make sure our app only accesses ArcGIS resources - maybe this is fixed in 100.4 already?

Outcomes