漏洞
When a ArcGIS Server service secured via web-tier authentication is added to a web map widget in a Portal for ArcGIS dashboard, a console error stating "Access to XMLHttpRequest at 'https://server.domain.com/webadaptor/rest/info?f=json' from origin 'https://server.domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." is returned.
| 漏洞 ID 编号 | BUG-000142620 |
|---|---|
| 已提交 | September 1, 2021 |
| 上次修改时间 | October 3, 2024 |
| 适用范围 | ArcGIS Dashboards |
| 找到的版本 | 10.9 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 |
| 状态 | Non-Reproducible |
附加信息
Requests sent through a web server, reverse proxy, or load balancer that does not have any restriction of hosts allowed to make CORS requests appear to be allowed from hosts denied by the AllowedOrigins property. Configure the web server, reverse proxy, or load balancer to follow the same restrictions as the ArcGIS Server site: https://enterprise.arcgis.com/en/server/latest/administer/windows/restricting-cross-domain-requests-to-arcgis-server.htm After installing the CORS modules for IIS 10 and configuring the system.webServer, the CORS header error is no longer reproduced: https://docs.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference#cors-configuration https://www.iis.net/downloads/microsoft/iis-cors-module重现步骤
漏洞 ID: BUG-000142620
软件:
- ArcGIS Dashboards
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序