Hello Joe,
I believe newer versions of Tomcat (8.5, 9.0) require slightly more strict CORS configuration than older versions.
I have had some success with the following general configuration (on Tomcat 8.5):
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Methods</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This is a simple configuration that pretty much allows everything. If you are just running GeoServer locally, this is fine, but it should not be used for any sort of production system - in that case, you should adjust origins and methods as appropriate.
(One other note: If you are testing on Chrome, the web console, under Developer Tools, should report whether a request was blocked because of CORS. If it doesn’t, there is likely some other reason for the 403 response)
Cheers,
Torben
On Mon, Sep 10, 2018 at 10:48 AM Andrea Aime <andrea.aime@anonymised.com> wrote:
Hi Joe,
question, do you have service security set up, so that GeoServer would outright deny
a request unless the user making the request is authorized to?
E.g., something like denying any WFS request if the user does not have a particular role?
Cheers
Andrea
On Mon, Sep 10, 2018 at 7:13 PM Joe Murphy <joseph.b.murphy1@anonymised.com> wrote:
I’m not super up to speed on how you are using CORS. But i have it working fine in my build. Please let me know how I can help…
Geoserver 2.13.2.war, Tomcat 9.0.7, Debian Docker Container.
Maybe just looking at my web.xml file would help?
Joe
On Mon, Sep 10, 2018, 10:05 AM Andrea Aime <andrea.aime@anonymised.com> wrote:
Hi,
for the longest time CORS has been “not our problem”, it’s normally managed in the web container (e.g., Tomcat, Jetty) or in
the eventual application fronting GeoServer (e.g., Apache, NGINX).
Maybe things have changed with the latest versions of Spring, if I search for preflight test I find all sorts of configurations to be
made in Spring in order to allow them (none of them immediately compatible with how GeoServer works though).
It could be that CORS needs to be managed directly in GeoServer when authentication is involved… but to be honest, I don’t know,
I’m not a javascript developer and have no clue if the preflight tests can be properly supported by just configuring the container,
or if they actually need some code change in GeoServer.
I understand it’s not very helpful, but it’s all I have for the “5 minutes user help” I can provide on this list.
Cheers
Andrea
On Tue, Sep 4, 2018 at 10:14 PM Steric, Nenad <Nenad.Steric@anonymised.com> wrote:
Hello,
i had a working geoserver installation last year where CORS was enabled,
but for some reason now I cannot reproduce this.
I have posted all the details to
https://gis.stackexchange.com/questions/294744/geoserver-wms-cors-enabled-in-web-xml-still-error
but I can repost them here if you need this.
From the error message (or lack of) it seems that
CORS should be active
But the pre-flight OPTIONS-request yields a Forbidden response.
This is strange as this exact code I am using was working last year.
Did the checks of the browser (Chrome,FF, I think I also tested IE ) change ?
Do you have any other idea what I could check or change ?
Thanks,
Nenad
P.S. Aktuelle Veranstaltungen: zuehlke.com/events
Zühlke Blog: blog.zuehlke.com
Nenad Steric
Expert Software Engineer
Zühlke Engineering (Austria) GmbH
Rivergate, Handelskai 92, 1200 Wien, Österreich
Phone +43 1 205 11 6855
nenad.steric@anonymised.com
This e-mail is for the addressees only. The information it contains is confidential
and may be legally privileged. If you are not an addressee you must not distribute,
copy, disclose, use or rely on this e-mail or its contents and you must immediately
notify the sender you are in receipt of this e-mail and delete all copies from your
system. Any unauthorised use may be unlawful.
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this list:
If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
Regards, Andrea Aime == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this list:
If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
Regards, Andrea Aime == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this list:
If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users