[Geoserver-devel] [JIRA] (GEOS-9401) Multiple CORS header in response

Pierre Noll created an issue

GeoServer / Bug GEOS-9401

Multiple CORS header in response

Issue Type: Bug
Affects Versions: 2.15.2
Assignee: Unassigned
Attachments: web.xml
Components: Configuration
Created: 17/Nov/19 2:49 PM
Environment: Docker image kartoza/geoserver:2.15.2 on Centos7 host.
Priority: High
Reporter: Pierre Noll

I use GeoServer to publish WMS layers that will be consumed by a web app through OpenLayers v6.

I enabled CORS by uncommenting the corresponding <filter> and <filter-mapping> elements in web.xml.

First I loaded the WMS using the basic tileLoader of OpenLayers, which consists of passing the WMS request URL to the src property of an <img> element. So far everything worked.
Then I wanted to customize the loader, so I used XHR to make the request myself. I noticed that when the request header Origin is set (in my case to http://localhost:8080), the response from GeoServer contains the CORS headers twice, in particular the Access-Control-Allow-Origin header, which is not allowed by the CORS policy, and so the request failed.

Here is an example of an HTTP request that will have a response with the CORS headers twice:


GET /geoserver/wms?service=WMS&version=1.1.0&request=GetMap&layers=pont-royal:exutoire&format=image%2Fpng&srs=EPSG:4326&SERVICE=WMS&VERSION=1.3.0&REQUEST=GetMap&FORMAT=image%2Fpng&TRANSPARENT=true&WIDTH=320&HEIGHT=320&CRS=EPSG%3A4326&STYLES=&FORMAT_OPTIONS=dpi%3A113&BBOX=46.1590576171875%2C5.5975341796875%2C46.16455078125%2C5.60302734375 HTTP/1.1
Host: *your_host*
Origin: http://localhost:8080
User-Agent: PostmanRuntime/7.19.0
Accept: */*
Cache-Control: no-cache
Postman-Token: e5847336-c409-4a44-b52b-5228748e1fdf,50c1a986-dc42-47e4-8aac-4c6cff62f905
Host: *your_host*
Accept-Encoding: gzip, deflate
Cookie: GS_FLOW_CONTROL=GS_CFLOW_-390786e1:16e6e3a0b83:-7ef6
Connection: keep-alive
cache-control: no-cache
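
A check for the symptom reported above, added here as an example and not part of the original report or of GeoServer: it parses a raw response head and flags CORS headers that arrive more than once. The sample response, the function names and the choice of which headers to treat as single-valued are assumptions made for illustration.

```javascript
// Constructed sample: a response head with the CORS headers emitted twice,
// as the report describes. Values are illustrative, not captured output.
const SAMPLE_RESPONSE_HEAD = [
  "HTTP/1.1 200 OK",
  "Access-Control-Allow-Origin: http://localhost:8080",
  "Access-Control-Allow-Credentials: true",
  "Content-Type: image/png",
  "access-control-allow-origin: http://localhost:8080",
  "Access-Control-Allow-Credentials: true",
  "",
].join("\r\n");

// CORS response headers treated here as single-valued (assumption of this example).
const SINGLE_VALUED = new Set([
  "access-control-allow-origin",
  "access-control-allow-credentials",
]);

// Collect every value of each header, case-insensitively, in arrival order.
function parseHeaders(rawHead) {
  const seen = new Map();
  const lines = rawHead.split(/\r?\n/).slice(1); // drop the status line
  for (const line of lines) {
    if (line === "") break; // blank line ends the header section
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // not a "name: value" line
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(line.slice(idx + 1).trim());
  }
  return seen;
}

// Flag single-valued CORS headers that carry more than one value, whether as
// repeated header lines or as one comma-joined line (the form in which a
// client API may present repeated lines).
function findDuplicateCors(rawHead) {
  const findings = [];
  for (const [name, values] of parseHeaders(rawHead)) {
    if (!SINGLE_VALUED.has(name)) continue;
    const flat = values.flatMap((v) => v.split(",").map((s) => s.trim()));
    if (flat.length > 1) findings.push({ header: name, values: flat });
  }
  return findings;
}
```

Feeding it the head of a response to a request that carries an Origin header shows at a glance whether more than one component is adding the CORS headers.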
