I am working on my local machine with JSAPI in VS Code, and I'm getting the following CORS related error thrown at me in Chrome Dev Tools:
Access to XMLHttpRequest at 'https//... my environment ..../MapServer?f=json'
from origin 'http://localhost:8080' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
I've read enough about CORS to understand its purpose, and that according to ESRI, ...
By default, ArcGIS Server allows cross-domain requests so Javascript clients can invoke the server's services from any domain.... (Restrict cross-domain requests to ArcGIS Server—ArcGIS Server Administration (Linux) | ArcGIS Enterp...)
So I think no additional tweaks to the web server are warranted. I've been able to "work around" this by developing in a directory that's on the same Dev/Test box where my map services are running on. This works great. Additionally, I've reviewed 'Allowed Origins' in ArcGIS Server Administrator to make it meets my needs.
Are there other adjustments I could make that would allow me to still do all my work locally and hit AGS map services without CORS issues? I get the sense from reading various threads online that a lot of folks new to working with JSAPI may be running into this. But I haven't found the ESRI documentation tremendously illuminating.