I was looking on Geoserver cross domain support (no-proxy) recently and I managed to get it working by compiling custom filter for Jetty 6.1.8. The filter is based on CrossOriginFilter which is supplied with newer versions of jetty-servlets.jar. I have fixed some white-space bugs and tested it with OpenLayers 2.12, IE, FF and Chrome.
You can follow the same rules as described here: http://wiki.eclipse.org/Jetty/Feature/Cross_Origin_Filter but:
1.Do not include the jar. Instead, put content of this archive http://shanbe.hezoun.com/cors.zip into the \webapps\geoserver\WEB-INF\classes folder.
2. use org.mortbay.servlets.CrossOriginFilter
insteand of org.eclipse.jetty.servlets.CrossOriginFilter
3. do not use additional spaces in allowedHeaders defs (like this: “x-request-with, content-type”)
You can put follwing conf. inside the \webapps\geoserver\web.xml to allow CORS requests from all domains:
cross-origin
org.mortbay.servlets.CrossOriginFilter
allowedOrigins
*
allowedMethods
GET,POST
allowedHeaders
x-requested-with,content-type
…
…restart the geoserver and it should work.
Regards,
Dusan Fedorcak