Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Is it possible to have crossorigin attribute when loading ArcGIS modules?

See original GitHub issue

Hello, I’m not sure is this related to esri-loader especially, but this is related to ArcGIS JS in general. If this is not the proper place for a ticket, please, give me right direction.

Expected behavior

We use esri-loader + arcgis modules in JS and we want to receive detailed information on errors when they originate from arcgis. In order to have that we need proper CORS info set up and crossorigin=anonymous attribute for arcgis scripts. Using devtools Network tab I can tell that domain already sending proper access-control-allow- headers and we’ve already set crossorigin=anonymous for our arcgis entry point and esri-loader. But the modules which is loaded asynchronously by loader itself does not feature that attribute. That means for us that if error is originating from one of arcgis modules (which potentially might be the case) we would lost stacktrace information and other error details. Is it possible for ArcGIS system to set crossorigin=anynomous for loaded modules?

We use <script src="" crossorigin="anonymous"></script> and <script src="" crossorigin="anonymous"></script>.

Actual behavior

We receive some cryptic errors in our telemetry, they look like ScriptError or RangeError: maximum call stack size exceeded without actual callstacks. Since our own errors got detailed info, our best bet is that non-detailed errors are caused by code from third party domains (or at least some of them). This is in agreement with MDN docs.

Steps to reproduce the behavior

There’s no precise reproduction, since I’m expecting some errors which does not available on demand. But scenario in general would be: include esri-loader and arcgis and load some gis component. The loaded modules would not feature crossorigin=anonymous attribute, because they loaded as a result of dependency resolving by arcgis itself.

Issue Analytics

  • State:open
  • Created 2 years ago
  • Comments:7 (2 by maintainers)

github_iconTop GitHub Comments

odoecommented, Jan 24, 2022

The resources repo might be a better place.

andygupcommented, Jan 13, 2022

But it seemes that this is not the only place that creates script elements, there’s another place inside modules that comes from arcgis itself.

Right, you could potentially monkey patch require.injectUrl but it comes with the same challenges and caveats:

Read more comments on GitHub >

github_iconTop Results From Across the Web

Default API Configurations | ArcGIS API for JavaScript 3.42
The ArcGIS JavaScript API has default options that can be overridden. The defaults for all configuration options are stored in the esri/config module....
Read more >
Build with ES modules | ArcGIS Maps SDK for JavaScript 4.25
Working with assets. By default, the API's assets are pulled from the ArcGIS CDN at runtime and there is no need for additional...
Read more >
CORS with the API | ArcGIS Maps SDK for JavaScript 4.25
This topic specifically discusses CORS (Cross Origin Resource Sharing). Additional information on working with proxies can be found in the proxies guide topic....
Read more >
Restrict cross-domain requests to ArcGIS Server
By default, ArcGIS Server allows cross-domain requests (CORS) so JavaScript clients can invoke the server's services from any domain.
Read more >
Using the proxy | Guide | ArcGIS API for JavaScript 3.42
Note: In order to use CORS both the browser and the target web server must support CORS. ArcGIS Server 10.1 supports CORS out...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found