Hi Rob,
This is Cross Domain issue, WFS uses XMLHTTPRequest (ajax) so you need to
configure a proxy on your IIS server and point OpenLayers to it.
Here is a doco:
http://trac.osgeo.org/openlayers/wiki/FrequentlyAskedQuestions#WhydoIneedaProxyHost
Cheers Alex
On Fri, Jul 13, 2012 at 6:59 PM, uk52rob <uk52...@yahoo.co.uk> wrote:
> Hi All,
>
> I know this is not the first time this has been mentioned. I have searched
> for days for a solution without success, so I am hoping someone else has
> solved this in a similar environment.
>
> System:
> Windows 2008 Web Server
> IIS 7
> Geoserver 2.1.4
>
> The main website runs via IIS on ssl port 443 (
> https://geoserver.testdomain.com:443), whereas Geoserver's Jetty
> webserver runs on port 8080, non-ssl (http://geoserver.testdomain.com:8080
> ).
>
> The issue arises when the openlayers javascript runs on the main website.
> All WMS layers are fine, but javascript will not allow the WFS (XML) layers
> from the other port. This returns Origin
> https://geoserver.testdomain.com:443 is not allowed by
> Access-Control-Allow-Origin.
>
> I have tried a number of work-arounds, including:
>
> Using IIS URL Rewrite
>
> http://cartoninjas.pl/post/2010/10/12/Installing-GeoServer-on-Windows-7-(x32-or-x64)-and-IIS-75.aspx
> (returns
> "forbidden" or "site not found" errors)
>
> Modify Jetty access control
>
> http://jetty.4.n6.nabble.com/Jetty-Access-Control-Allow-Origin-td4634198.html
> (causes
> the jetty server to fail in starting up)
>
> Using an IIS proxy
> http://code.google.com/p/iisproxy/issues/detail?id=8 (returns a 500 -
> Internal server error)
>
> General Info
>
> http://stackoverflow.com/questions/9327218/access-control-allow-origin-not-allowed-by
>
>
> This is not the entire list, as some methods have been removed from my
> browser history, but it will give you an idea of the steps taken.
>
> I have not run the HTML / javascript directly from the WWW directory in
> Geoserver, as the WFS / WMS connection strings include a username and
> password, which would then be freely available to look at in the HTML
> document. Instead, they are encapsulated within the current PHP scripts
> running on the main IIS domain, which offers them some protection.
>
> If anyone has any experience with this issue, I would be grateful to hear
> from you.
>
> Many thanks,
>
> Rob
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Geoserver-users mailing list
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
--
Cheers, Alex
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
