ERROR

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remove resource at https://<custom widget directory>/widget/manifest.json.

Last Published: April 25, 2020

Error Message

When attempting to configure a custom widget in Web AppBuilder for ArcGIS in Portal for ArcGIS, clicking OK does not complete the configuration process. Instead, nothing happens, and the following error is returned in the web browser developer tools console:

Error:   
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remove resource at https://<custom widget directory>/widget/manifest.json (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Note:
Custom widgets are stored on a web server and are accessed through a web address.

Cause

This issue occurs when the response headers sent from Portal for ArcGIS cannot access the Java libraries storing the custom widgets.

Solution or Workaround

Follow the steps listed below to resolve the issue:

  1. Launch Internet Information Services (IIS) Manager.
  2. Navigate to the folder containing the custom widgets in IIS.
Image of the HTTP Response Header selection in Internet Information Services (IIS)
  1. Double-click HTTP Response Headers.
  2. Click Add.
Image of the Add selection in the HTTP Response Headers window
  1. Add the following entry:
Name: Access-Control-Allow-Origin
Value: *
Image of the Add Custom HTTP Response Header window
  1. Click OK.

Article ID:000019442

Software:
  • Portal for ArcGIS

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Related Information

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options