Open tamchuen opened 2 years ago
nheminger
commented
2 years ago Hello @tamchuen,
Thanks for submitting this. In the response from https://gistest.cpr.ca/arcgisportal/sharing/rest/community/self?f=json&token=xxxx in the DevTools network tab, do you see an Access-Control-Allow-Origin response header being sent?
tamchuen
commented
2 years ago No there is no Access-Control-Allow-Origin response. The response code is 401 Unauthorized. Here is the list of response headers: Content-Length: 11660 Content-Type: text/html Date: Fri, 17 Jun 2022 18:37:15 GMT Server: Microsoft-IIS/8.5 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM X-Powered-By: ASP.NET
Additional info: I also tried adding the domain https://assistant.esri-ps.com to ‘Allowed Origins’ in Portal settings page, but the issue still remains. (The 'Allowed Origins' list was empty previously) Our portal web adaptor uses IWA (Negotiate + NTLM).
tamchuen
commented
1 year ago @nheminger Do you have any status update on this ?
MarcBate
commented
1 year ago Same issue here IWA Enterprise 11.1, added to Allowed Origins which solved this for other applications. I get the error of CORS header ‘Access-Control-Allow-Origin’ missing.
Btw, there are several options when you register an application (web mapping application, or Other, does it need a url for the application itself or just the redirect. Does it need the oauth redirect also?). Please list exactly which options to select rather than link to the generic help page.
imfnet
commented
7 months ago Bump
Same issues with login/CORS errors
Enterprise 10.9.1 using Windows Authentication login
MarcBate
commented
6 months ago Same here. CORS error 11.1 with Windows Authentication. I click the link it is trying to access and it opens in the browser, just the CORS is preventing it.
Detteor
commented
4 months ago @MarcBate and @imfnet I had this same issue and was able to solve it by removing the trailing slash "/" from the URL in "Allowed Origins" in Organizations > Security and in "Redirect URLs" in the application settings.
MarcBate
commented
4 months ago Wow that's crazy the software is so fragile it can be broken so easily
Describe the bug After login via "ArcGIS Enterprise", the home page shows blank, and there is CORS error messages showing in developer tools
To Reproduce Steps to reproduce the behavior:
See error in developer console :
Access to fetch at 'https://gistest.cpr.ca/arcgisportal/sharing/rest/community/self?f=json&token=xxxx.' from origin 'https://assistant.esri-ps.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Expected behavior It should show the page after sign-in
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context Add any other context about the problem here.