[Geoserver-users] No 'Access-Control-Allow-Origin' header is present

venky · March 5, 2014, 5:15am

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without using Tomcat) I can render the Geoserver layer in my web application which is in my location machine. But when I click on any feature to get information, I have received the following error message.

XMLHttpRequest cannot load http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7 in another Windows 2008 Server. At that time I have added the below things in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file. Afterthat issue was solved.

CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-Credentials cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

So how & where should I add this in my current case. Kindly give me a solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.

Mauro_Bartolomeoli3 · March 5, 2014, 8:17am

Hi Venkat,

···

2014-03-05 6:15 GMT+01:00 venky <venky.src@anonymised.com>:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without using Tomcat) I can render the Geoserver layer in my web application which is in my location machine. But when I click on any feature to get information, I have received the following error message.

XMLHttpRequest cannot load http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

This happens because the info feature needs to be done using an Ajax request and by default Ajax requests are limited by all browsers to only connect to the domain hosting your web application. Any time you access geoserver on a different domain you will get that error, unless, as you said, Tomcat is configured to add an “Access-Control-Allow-Origin” header to allow which clients can connect.

So you have two solutions:

put your web application and geoserver on the same domain
enable CORS on the geoserver Tomcat, as you did in your example configuration (maybe you can limit access only to your webapp host instead of allowing any client)

Mauro

Mitchel · August 15, 2014, 6:11pm

venky <venky.src <at> gmail.com> writes:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without

using Tomcat) I can render the Geoserver layer in my web application which
is in my location machine. But when I click on any feature to get
information, I have received the following error message.

XMLHttpRequest cannot load

http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…
%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320.
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:3311' is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7

in another Windows 2008 Server. At that time I have added the below things
in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file.
Afterthat issue was solved.

<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
&lt;param\-value&gt;\*&lt;/param\-value&gt;
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>

</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-

Control-Request-Method,Access-Control-Request-Headers</param-value>

</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-

Credentials</param-value>

</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>

<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

So how & where should I add this in my current case. Kindly give me a

solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.

--------------------------------------------------------------------------

----

Subversion Kills Productivity. Get off Subversion & Make the Move to

Perforce.

With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and

the

freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?

id=122218951&iu=/4140/ostg.clktrk

_______________________________________________
Geoserver-users mailing list
Geoserver-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Venkat,

I added the code you specified to the bottom of the tomcat8/conf/web.xml
file and I still get No 'Access-Control-Allow-Origin' error. Is there a step
im missing? The last bit of my web.xml code looks like this:

<mime-mapping>
        <extension>zmm</extension>
        <mime-type>application/vnd.handheld-entertainment+xml</mime-type>
    </mime-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-
Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-
Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

David_Zwiers · August 15, 2014, 7:14pm

A couple more options:

Configure IIS to handle the CORS callbacks - http://enable-cors.org/server_iis7.html
Configure IIS to act as a reverse proxy using AAR - http://blogs.msdn.com/b/carlosag/archive/2010/04/02/setting-up-a-reverse-proxy-using-iis-url-rewrite-and-arr.aspx
Update the web.xml file within the geoserver.war file using the syntax above; you may also need to add the cors jar into the war file - http://software.dzhuvinov.com/cors-filter-installation.html

I’ve successfully used both the AAR and cors-filter approaches on larger projects.

Hope this helps.

David

···

On Fri, Aug 15, 2014 at 12:11 PM, Mitchel <mblais29@anonymised.com> wrote:

venky <venky.src gmail.com> writes:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without
using Tomcat) I can render the Geoserver layer in my web application which
is in my location machine. But when I click on any feature to get
information, I have received the following error message.

XMLHttpRequest cannot load
http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…
%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320.
No ‘Access-Control-Allow-Origin’ header is present on the requested
resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7
in another Windows 2008 Server. At that time I have added the below things
in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file.
Afterthat issue was solved.
CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins
*

cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT
cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-

Control-Request-Method,Access-Control-Request-Headers

cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-

Credentials

cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*
So how & where should I add this in my current case. Kindly give me a
solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.

Subversion Kills Productivity. Get off Subversion & Make the Move to
Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and
the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?
id=122218951&iu=/4140/ostg.clktrk

Geoserver-users mailing list
Geoserver-users lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Venkat,

I added the code you specified to the bottom of the tomcat8/conf/web.xml
file and I still get No ‘Access-Control-Allow-Origin’ error. Is there a step
im missing? The last bit of my web.xml code looks like this:
zmm application/vnd.handheld-entertainment+xml index.html index.htm index.jsp CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control- Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow- Credentials cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

David_Zwiers · August 15, 2014, 10:17pm

Hi Mitchel,

I believe the convention is to keep discussions on the list so added everyone else back in.

I’m guessing you forgot to include the filter-mapping within the web.xml - this is used to activate the CORS filter against GeoServer’s content.

<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

Depending on your security requirements you may also wish to restrict the access buy customizing the cors.allowed.origins init param (http://software.dzhuvinov.com/cors-filter-configuration.html).

David

···

On Fri, Aug 15, 2014 at 1:48 PM, Mitchel Blais <mblais29@anonymised.com> wrote:

Hi David,

I tried your third option and I am still getting the error. I added the code to tomcat8/conf/web.xml:
CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers
Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cors.exposed.headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
cors.support.credentials true cors.preflight.maxage 10
Then I downloaded the ‘cors-filter-2.1.jar’ file from the link you sent me and placed it in the ‘tomcat8\webapps\geoserver\WEB-INF\lib’ folder and restarted Apache Tomcat and i was still getting the error? Am I missing something or a step?

On Fri, Aug 15, 2014 at 1:14 PM, David Zwiers <david.zwiers@anonymised.com> wrote:

A couple more options:

Configure IIS to handle the CORS callbacks - http://enable-cors.org/server_iis7.html

Configure IIS to act as a reverse proxy using AAR - http://blogs.msdn.com/b/carlosag/archive/2010/04/02/setting-up-a-reverse-proxy-using-iis-url-rewrite-and-arr.aspx

Update the web.xml file within the geoserver.war file using the syntax above; you may also need to add the cors jar into the war file - http://software.dzhuvinov.com/cors-filter-installation.html

I’ve successfully used both the AAR and cors-filter approaches on larger projects.

Hope this helps.

David

On Fri, Aug 15, 2014 at 12:11 PM, Mitchel <mblais29@anonymised.com> wrote:

venky <venky.src gmail.com> writes:

Dear All,

I have installed Geoserver 2.4.0 on Windows 2008 Server with IIS7.(without
using Tomcat) I can render the Geoserver layer in my web application which
is in my location machine. But when I click on any feature to get
information, I have received the following error message.

XMLHttpRequest cannot load
http://xxx.xxx.xx.xx:8080/geoserver/cite/gwc/service/wms?LAYERS=cite%3APlym…
%2Fpng&INFO_FORMAT=application%2Fvnd.ogc.gml&SRS=EPSG%3A404000&X=802&Y=320.
No ‘Access-Control-Allow-Origin’ header is present on the requested
resource. Origin ‘http://localhost:3311’ is therefore not allowed access.

The same issue I have faced when I was configured the Geoserver on Tomcat7
in another Windows 2008 Server. At that time I have added the below things
in C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml file.
Afterthat issue was solved.
CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins
*

cors.allowed.methods
GET,POST,HEAD,OPTIONS,PUT
cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-

Control-Request-Method,Access-Control-Request-Headers

cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow-

Credentials

cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*
So how & where should I add this in my current case. Kindly give me a
solution to fix this error. Thanks in advance

Thanks & Regard,
Venkat E,
GIS Developer.

Subversion Kills Productivity. Get off Subversion & Make the Move to
Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and
the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?
id=122218951&iu=/4140/ostg.clktrk

Geoserver-users mailing list
Geoserver-users lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Venkat,

I added the code you specified to the bottom of the tomcat8/conf/web.xml
file and I still get No ‘Access-Control-Allow-Origin’ error. Is there a step
im missing? The last bit of my web.xml code looks like this:
zmm application/vnd.handheld-entertainment+xml index.html index.htm index.jsp CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins * cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT cors.allowed.headers Content-Type,X-Requested-With,accept,Origin,Access-Control- Request-Method,Access-Control-Request-Headers cors.exposed.headers Access-Control-Allow-Origin,Access-Control-Allow- Credentials cors.support.credentials true cors.preflight.maxage 10 CorsFilter /*

Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users