Same-origin policy: Why does this code run properly?

05-27-2014 12:05 AM
BaghdadAlAlavi
New Contributor
Hi all.
I've installed ArcGIS Server with its default configuration (no web adaptor), then put the JavaScript API and the following code in "C:\Inetpub\www":
<script src="http://localhost/arcgis_js_api/library/3.9/3.9/init.js"></script>
<script>
  var map;

  require(["esri/map", "esri/layers/ArcGISDynamicMapServiceLayer", "dojo/domReady!"],
    function(Map, ArcGISDynamicMapServiceLayer) {
      map = new Map("map", {
        center: [0, 0],
        zoom: 3,
        sliderStyle: "small"
      });

      var layer = new ArcGISDynamicMapServiceLayer(
        "http://localhost:6080/arcgis/rest/services/SampleWorldCities/MapServer",
        {"opacity": 0.5});

      map.addLayer(layer);
    });
</script>

This is just the script part of the webpage. When I call this page via localhost (i.e. http://localhost/mypage.html), this code runs properly and gives me the map.
But according to what I understood from the same-origin policy, it must not work, simply because the above code calls a layer which has a different port (6080) from the caller page (which is 80).

Q1: What am I wrong about? Or what don't I understand correctly?
Q2: If I wanna use the built-in web server (port 6080), where do I have to put my pages?

Best regards
0 Kudos
3 Replies
JakubMalec
New Contributor III
A1: ArcGIS Server has CORS set up by default and accepts any origin.
A2: You should consider using the ArcGIS Web Adaptor. Then you could have both ArcGIS Server and web apps on the same port, and the real AGS hostname is hidden from the public. You could also, of course, do nothing about it and leave it as is, and it'll work fine ;]
0 Kudos
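The situation in this thread, as an added example that is not part of any post above: a simplified model of how a browser decides whether script on the port-80 page may read a response from port 6080, with and without the any-origin CORS header the reply describes. Only the two URLs come from the question; the header values are constructed, and `allowOriginHeader` with its allowlist is a hypothetical server-side helper shown for comparison with the wildcard.

```javascript
// Added example: a simplified model of the browser's read check for
// cross-origin responses. It ignores preflight requests and opaque origins.

// URLs taken from the question above.
const PAGE = "http://localhost/mypage.html";
const LAYER = "http://localhost:6080/arcgis/rest/services/SampleWorldCities/MapServer";

// An origin is scheme + host + port; URL.origin drops default ports (80/443).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// headers: constructed response headers (lower-case names), not captured traffic.
// withCredentials: true when the request carries cookies or HTTP auth.
function canScriptRead(pageUrl, resourceUrl, headers = {}, withCredentials = false) {
  if (sameOrigin(pageUrl, resourceUrl)) return "allowed: same origin";

  const acao = headers["access-control-allow-origin"];
  if (acao === undefined) return "blocked: no CORS header";

  if (!withCredentials) {
    return acao === "*" || acao === new URL(pageUrl).origin
      ? "allowed: CORS"
      : "blocked: origin not listed";
  }
  // Credentialed requests: the wildcard is rejected, the origin must match
  // exactly, and Access-Control-Allow-Credentials must be "true".
  if (acao === "*") return "blocked: wildcard with credentials";
  if (acao !== new URL(pageUrl).origin) return "blocked: origin not listed";
  return headers["access-control-allow-credentials"] === "true"
    ? "allowed: CORS with credentials"
    : "blocked: credentials not allowed";
}

// Server-side counterpart (hypothetical helper): echo the Origin only if it
// is on an allowlist, instead of answering "*" to every caller.
function allowOriginHeader(requestOrigin, allowlist) {
  return allowlist.includes(requestOrigin)
    ? { "access-control-allow-origin": requestOrigin, "vary": "Origin" }
    : {};
}

console.log(sameOrigin(PAGE, LAYER));
console.log(canScriptRead(PAGE, LAYER));
console.log(canScriptRead(PAGE, LAYER, { "access-control-allow-origin": "*" }));
```

The same-origin policy restricts what script can read, not what the browser can send or what other clients can fetch, so a CORS header is not access control for the service itself.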
BaghdadAlAlavi
New Contributor
I installed the Web Adaptor but I can still use the above page with port 6080. Why?
However, now I can remove 6080 from the links and everything goes fine. But why is 6080 still available?
I mean, someone outside may make a direct connection to ArcGIS Server using port 6080 and access all data.

Thanks
0 Kudos
JakubMalec
New Contributor III
The Web Adaptor just filters and forwards all the requests to the ArcGIS Server, which operates on its own port (6080 in your case). So, the AGS still needs to operate on its own port.

People can access all your data through the Web Adaptor, except for the AGS' admin directory (Web Adaptor just filters out requests going to the AGS admin directory).

What you can do is deny any incoming traffic to port 6080 on your firewall (leaving the ability to access AGS on port 6080 only from localhost).
0 Kudos