A web service for proxying requests to the Esri print service switching out locked down quad-words for wide open ones.
UGRC’s base maps (including the Google imagery) are served via a custom server application called Discover. Part of the advantage of using Discover is that it allows you to secure and track usage via quad-words. These unique words are assigned to a specific user and are locked down to a specific domain or IP address. For example, if my quad-word is locked down to my-domain.com
, then requests originating from any other domain or IP address are blocked by Discover. This prevents unauthorized access of licensed content, as well as allows UGRC to track analytics.
This quad-word system works great . . . until you try to use one of Esri’s out-of-the-box print services. When you send a web map to one of these print services, the service reconstructs all of the layers on the server. This causes requests for base maps to be sent from the ArcGIS Server machine rather than the user’s browser (with your domain as the referrer). We do allow wide-open quad-words (i.e., quad-words not locked down to any domain/IP) to be used by those who need to make requests from servers or other local machines. However, the wide-open quad-words can’t be used in web applications because they could be copied and used by unauthorized users.
This project solves this problem by acting as a proxy between web applications and Esri print services. When it receives a request, it switches out the locked down quad-word with a wide-open one and then sends it on to the print service. It also scrubs the wide-open quad-word from the response to prevent it from being compromised.
- Open a pull request to add a configuration for a new account.
- Use the following url in place of an Esri print service (e.g. default AGOL service):
https://print.agrc.utah.gov/<accountNumber>/arcgis/rest/services/GPServer/export
The account number must have a corresponding key in accounts.js
.
brew install mkcert
mkcert -install
mkcert localhost
- Create
.env
file with print proxy wide open quad-word. touch .env && echo 'OPEN_QUAD_WORD=<wide-open-quad-word>' >> .env
npm install
&npm start
The print widget performs validation on the URL in the properties form. It appears that it has to match something like:
/https?:\/\/.+\/GPServer\/.*/
If the URL passes validation, then it makes a GET request (arcgis/rest/info?f=json
) to get info about the server.
Run npm test
to run jest tests.
There's also an AGOL web app that you can test with.
gcp-terraform/print-proxy
is used for infrastructure setup and GitHub actions are for updates.
Make sure to update Dockerfile
and .node-version
files.