[Geoserver-users] No 'Access-Control-Allow-Origin' header is present

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without using Tomcat) I can render the Geoserver layer in my web application which is in my location machine. But when I click on any feature to get information, I have received the following error message.

XMLHttpRequest cannot load http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7 in another Windows 2008 Server. At that time I have added the below things in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file. Afterthat issue was solved.

CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-Credentials cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

So how & where should I add this in my current case. Kindly give me a solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.

Hi Venkat,

···

2014-03-05 6:15 GMT+01:00 venky <venky.src@anonymised.com>:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without using Tomcat) I can render the Geoserver layer in my web application which is in my location machine. But when I click on any feature to get information, I have received the following error message.

XMLHttpRequest cannot load http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

This happens because the info feature needs to be done using an Ajax request and by default Ajax requests are limited by all browsers to only connect to the domain hosting your web application. Any time you access geoserver on a different domain you will get that error, unless, as you said, Tomcat is configured to add an “Access-Control-Allow-Origin” header to allow which clients can connect.

So you have two solutions:

  • put your web application and geoserver on the same domain
  • enable CORS on the geoserver Tomcat, as you did in your example configuration (maybe you can limit access only to your webapp host instead of allowing any client)

Mauro

venky <venky.src <at> gmail.com> writes:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without

using Tomcat) I can render the Geoserver layer in my web application which
is in my location machine. But when I click on any feature to get
information, I have received the following error message.

XMLHttpRequest cannot load

http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…
%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320.
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:3311' is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7

in another Windows 2008 Server. At that time I have added the below things
in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file.
Afterthat issue was solved.

<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>

&lt;param\-value&gt;\*&lt;/param\-value&gt;

</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>

</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-

Control-Request-Method,Access-Control-Request-Headers</param-value>

</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-

Credentials</param-value>

</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>

<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

So how & where should I add this in my current case. Kindly give me a

solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.

--------------------------------------------------------------------------

----

Subversion Kills Productivity. Get off Subversion & Make the Move to

Perforce.

With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and

the

freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?

id=122218951&iu=/4140/ostg.clktrk

_______________________________________________
Geoserver-users mailing list
Geoserver-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Venkat,

I added the code you specified to the bottom of the tomcat8/conf/web.xml
file and I still get No 'Access-Control-Allow-Origin' error. Is there a step
im missing? The last bit of my web.xml code looks like this:

<mime-mapping>
        <extension>zmm</extension>
        <mime-type>application/vnd.handheld-entertainment+xml</mime-type>
    </mime-mapping>

  <!-- ==================== Default Welcome File List =====================
-->
  <!-- When a request URI refers to a directory, the default servlet looks
-->
  <!-- for a "welcome file" within that directory and, if present, to the
-->
  <!-- corresponding resource URI for display.
-->
  <!-- If no welcome files are present, the default servlet either serves a
-->
  <!-- directory listing (see default servlet configuration on how to
-->
  <!-- customize) or returns a 404 status, depending on the value of the
-->
  <!-- listings setting.
-->
  <!--
-->
  <!-- If you define welcome files in your own application's web.xml
-->
  <!-- deployment descriptor, that list *replaces* the list configured
-->
  <!-- here, so be sure to include any of the default values that you wish
-->
  <!-- to use within your application.
-->

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
  
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-
Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-
Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

A couple more options:

I’ve successfully used both the AAR and cors-filter approaches on larger projects.

Hope this helps.

David

···

On Fri, Aug 15, 2014 at 12:11 PM, Mitchel <mblais29@anonymised.com> wrote:

venky <venky.src gmail.com> writes:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without
using Tomcat) I can render the Geoserver layer in my web application which
is in my location machine. But when I click on any feature to get
information, I have received the following error message.

XMLHttpRequest cannot load
http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym
%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320.
No ‘Access-Control-Allow-Origin’ header is present on the requested
resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7
in another Windows 2008 Server. At that time I have added the below things
in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file.
Afterthat issue was solved.

CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins

*


cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT

cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-

Control-Request-Method,Access-Control-Request-Headers

cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-

Credentials

cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

So how & where should I add this in my current case. Kindly give me a
solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.



Subversion Kills Productivity. Get off Subversion & Make the Move to
Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and
the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?
id=122218951&iu=/4140/ostg.clktrk


Geoserver-users mailing list
Geoserver-users lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Venkat,

I added the code you specified to the bottom of the tomcat8/conf/web.xml
file and I still get No ‘Access-Control-Allow-Origin’ error. Is there a step
im missing? The last bit of my web.xml code looks like this:

zmm application/vnd.handheld-entertainment+xml index.html index.htm index.jsp CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control- Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow- Credentials cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Mitchel,

I believe the convention is to keep discussions on the list so added everyone else back in.

I’m guessing you forgot to include the filter-mapping within the web.xml - this is used to activate the CORS filter against GeoServer’s content.

<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

Depending on your security requirements you may also wish to restrict the access buy customizing the cors.allowed.origins init param (http://software.dzhuvinov.com/cors-filter-configuration.html).

David

···

On Fri, Aug 15, 2014 at 1:48 PM, Mitchel Blais <mblais29@anonymised.com> wrote:

Hi David,

I tried your third option and I am still getting the error. I added the code to tomcat8/conf/web.xml:

CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers

Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers

cors.exposed.headers

Access-Control-Allow-Origin,Access-Control-Allow-Credentials

cors.support.credentials true cors.preflight.maxage 10

Then I downloaded the ‘cors-filter-2.1.jar’ file from the link you sent me and placed it in the ‘tomcat8\webapps\geoserver\WEB-INF\lib’ folder and restarted Apache Tomcat and i was still getting the error? Am I missing something or a step?

On Fri, Aug 15, 2014 at 1:14 PM, David Zwiers <david.zwiers@anonymised.com> wrote:

A couple more options:

I’ve successfully used both the AAR and cors-filter approaches on larger projects.

Hope this helps.

David

On Fri, Aug 15, 2014 at 12:11 PM, Mitchel <mblais29@anonymised.com> wrote:

venky <venky.src gmail.com> writes:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without
using Tomcat) I can render the Geoserver layer in my web application which
is in my location machine. But when I click on any feature to get
information, I have received the following error message.

XMLHttpRequest cannot load
http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym
%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320.
No ‘Access-Control-Allow-Origin’ header is present on the requested
resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7
in another Windows 2008 Server. At that time I have added the below things
in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file.
Afterthat issue was solved.

CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins

*


cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT

cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-

Control-Request-Method,Access-Control-Request-Headers

cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-

Credentials

cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

So how & where should I add this in my current case. Kindly give me a
solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.



Subversion Kills Productivity. Get off Subversion & Make the Move to
Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and
the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?
id=122218951&iu=/4140/ostg.clktrk


Geoserver-users mailing list
Geoserver-users lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Venkat,

I added the code you specified to the bottom of the tomcat8/conf/web.xml
file and I still get No ‘Access-Control-Allow-Origin’ error. Is there a step
im missing? The last bit of my web.xml code looks like this:

zmm application/vnd.handheld-entertainment+xml index.html index.htm index.jsp CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control- Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow- Credentials cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users