漏洞
In ArcGIS StoryMaps, the error message, "This content isn’t supported here. Please try another link." is returned when embedding a PDF in a sidecar.
| 漏洞 ID 编号 | BUG-000149809 |
|---|---|
| 已提交 | June 7, 2022 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | N/A |
| 操作系统 | N/A |
| 操作系统版本 | N/A |
| 状态 | As Designed |
附加信息
For security reasons, PDFs from the web must have the required cross-origin resource sharing (CORS) headers to be embedded in a story or collection. This is documented here in the ArcGIS StoryMaps FAQ: https://doc.arcgis.com/en/arcgis-storymaps/get-started/faq.htm#anchor19. The only situation where this does not apply is for PDFs hosted on the arcgis.com domain. This is because this is the same domain where ArcGIS StoryMaps is hosted, so there are no cross-domain security requirements (see the Workaround section). Note that PDFs hosted on the esri.com domain are also subject to these requirements. It is the decision of the Esri marketing departments whether to include these headers or not and at least the PDF provided in the bug report does not currently have the required headers to allow embedding. This issue is closed since it is not a software bug or defect. The software is behaving as designed according to the security requirements.解决办法
If there is a PDF file on the web that cannot be embedded in ArcGIS StoryMaps because it does not have the required cross-origin resource sharing (CORS) security headers, download the PDF file, upload it as an item to the ArcGIS account, share it with everyone, and use the public URL to embed it in a story or collection.
PDFs stored as items in ArcGIS Online and shared with everyone may be embedded in ArcGIS StoryMaps. This is because the PDF is being served from the same domain as where ArcGIS StoryMaps is hosted (arcgis.com), so there are no cross-domain security requirements.
重现步骤
漏洞 ID: BUG-000149809
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序