English

Error: Cross-Origin Request Blocked

Error Message

Accessing ArcGIS Server services via ArcGIS Server REST Directory fails and returns the following error:

Error:
Cross-Origin Request Blocked:The Same Origin Policy disallows reading the remote resource at https://<FQDN>/portal/sharing/generateToken?request=getToken&serverURL<etc.>

 

Cause

The Fully Qualified Domain Name (FQDN) is listed under the Allow Origins settings in Portal for ArcGIS. The domain listed in the settings must match the exact request sent from the browser. Portal for ArcGIS does not allow access to the browser if a mismatch exists. The following image shows an FQDN listed under the Allow Origins settings in the Portal for ArcGIS settings page.
The image of Allow Origins setting with sample domain.

Note:
By default, ArcGIS Server allows all JavaScript applications to access web services. To prevent JavaScript applications hosted on other domains from using the web services, ArcGIS Server can be configured to include a list of trusted domains. This reduces the possibility of an unknown application sending malicious commands to the web services. For more information, refer to the web help document ArcGIS Server: Restricting cross-domain requests to ArcGIS Server.

 

Solution or Workaround

Remove the FQDN listed under the Allow Origins settings. The following instructions describe how to do this.

Note:
The steps below are only possible using a Portal for ArcGIS administrator account.
 
  1. Login to the Portal for ArcGIS Home page using an administrator account.
  2. On the Portal for ArcGIS Home page, click Organization.
The image of Portal for ArcGIS Home page.
  1. On the Organization page, click EDIT SETTINGS.
The image of Organization page.
  1. On the settings page, click Security.
The image of the settings page.
  1. On the Security settings page, scroll to Allow Origins. Click the red x symbol to remove the desired FQDN listed under the Allow Origins settings.
The image of the Allow Origins setting.

Related Information